fixup commit for branch 'MOZILLA_0_9_6_BRANCH' MOZILLA_0_9_6_BRANCH MOZILLA_0_9_6_BASE MOZILLA_0_9_6_RELEASE
authorcvs2hg
Thu, 01 Nov 2001 22:33:19 +0000
branchMOZILLA_0_9_6_BRANCH
changeset 2249 cc5b48c8ecdda09f1389ad1eea2817104ba2da80
parent 1675 cb43195ea0d847ced00825cf4dadafb1b1d3c5fa
child 2250 6bfe1dbb94ba899f1de1ed2c036902199b51e208
child 2324 4f88d171f5c338014e412d23bd6ba9ddd4a2c8b6
child 14023 22073d57408b5a916c09fe7b545c955d45e900ff
push idunknown
push userunknown
push dateunknown
fixup commit for branch 'MOZILLA_0_9_6_BRANCH'
dbm/include/Makefile.win
dbm/include/cdefs.h
dbm/include/hash.h
dbm/include/mcom_db.h
dbm/include/ncompat.h
dbm/include/nsres.h
dbm/macbuild/DBMConfig.h
dbm/src/Makefile.win
dbm/src/h_bigkey.c
dbm/src/h_page.c
dbm/src/hash.c
dbm/src/memmove.c
dbm/src/nsres.c
dbm/src/snprintf.c
dbm/tests/Makefile.in
dbm/tests/lots.c
security/coreconf/HP-UXB.11.11.mk
security/coreconf/Linux.mk
security/coreconf/NetBSD.mk
security/coreconf/OpenVMS.mk
security/coreconf/command.mk
security/coreconf/tree.mk
security/dbm/Makefile
security/dbm/include/Makefile
security/dbm/include/manifest.mn
security/dbm/manifest.mn
security/dbm/src/Makefile
security/dbm/src/config.mk
security/dbm/src/manifest.mn
security/dbm/tests/Makefile
security/nss/cmd/certutil/certutil.c
security/nss/cmd/signtool/list.c
security/nss/cmd/signtool/sign.c
security/nss/cmd/signtool/verify.c
security/nss/cmd/tstclnt/tstclnt.c
security/nss/lib/certdb/pcertdb.c
security/nss/lib/certhigh/certvfy.c
security/nss/lib/certhigh/ocsp.c
security/nss/lib/ckfw/builtins/certdata.c
security/nss/lib/ckfw/builtins/certdata.txt
security/nss/lib/crmf/asn1cmn.c
security/nss/lib/crmf/crmftmpl.c
security/nss/lib/freebl/Makefile
security/nss/lib/freebl/mpi/mpprime.c
security/nss/lib/nss/nss.def
security/nss/lib/nss/nss.h
security/nss/lib/pk11wrap/pk11db.c
security/nss/lib/pk11wrap/pk11func.h
security/nss/lib/pk11wrap/pk11kea.c
security/nss/lib/pk11wrap/pk11skey.c
security/nss/lib/pk11wrap/pk11slot.c
security/nss/lib/pk11wrap/pk11util.c
security/nss/lib/pkcs12/p12d.c
security/nss/lib/pkcs12/p12e.c
security/nss/lib/smime/cmsrecinfo.c
security/nss/lib/smime/cmssigdata.c
security/nss/lib/smime/cmsutil.c
security/nss/lib/softoken/keydb.c
security/nss/lib/softoken/pkcs11.c
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/pkcs11t.h
security/nss/lib/softoken/pkcs11u.c
security/nss/lib/softoken/private.h
security/nss/lib/ssl/manifest.mn
security/nss/lib/ssl/ssl.def
security/nss/lib/ssl/ssl.h
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/sslcon.c
security/nss/lib/ssl/sslimpl.h
security/nss/lib/ssl/sslnonce.c
security/nss/lib/ssl/sslsecur.c
security/nss/lib/ssl/sslsnce.c
security/nss/lib/util/mac_rand.c
security/nss/lib/util/secasn1d.c
security/nss/lib/util/secasn1e.c
security/nss/lib/util/secasn1t.h
security/nss/lib/util/secerr.h
security/nss/macbuild/LoadableRoots.mcp
security/nss/macbuild/NSS.mcp
security/nss/macbuild/NSSckfw.mcp
security/nss/makefile.win
security/nss/manifest.mn
security/nss/tests/ssl/sslauth.txt
--- a/dbm/include/Makefile.win
+++ b/dbm/include/Makefile.win
@@ -42,22 +42,19 @@ DEPTH= ..\..
 MAKE_OBJ_TYPE=EXE
 !endif
 
 #//------------------------------------------------------------------------
 #//
 #// install headers
 #//
 #//------------------------------------------------------------------------
-INSTALL_DIR=$(XPDIST)\include
-INSTALL_FILE_LIST= nsres.h cdefs.h mcom_db.h ncompat.h winfile.h
+EXPORTS=nsres.h cdefs.h mcom_db.h ncompat.h winfile.h
 
 #//------------------------------------------------------------------------
 #//
 #// Include the common makefile rules
 #//
 #//------------------------------------------------------------------------
 include <$(DEPTH)/config/rules.mak>
 
 CFLAGS = $(CFLAGS) -DMOZILLA_CLIENT
 
-export:: INSTALL_FILES
-
--- a/dbm/include/cdefs.h
+++ b/dbm/include/cdefs.h
@@ -1,29 +1,45 @@
-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: NPL 1.1/GPL 2.0/LGPL 2.1
  *
- * The contents of this file are subject to the Netscape Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/NPL/
+ * The contents of this file are subject to the Netscape Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/NPL/
  *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
  *
  * The Original Code is mozilla.org code.
  *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are
- * Copyright (C) 1998 Netscape Communications Corporation. All
- * Rights Reserved.
+ * The Initial Developer of the Original Code is 
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
  *
- * Contributor(s): 
- */
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the NPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the NPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
 
 /*
  * Copyright (c) 1991, 1993
  *	The Regents of the University of California.  All rights reserved.
  *
  * This code is derived from software contributed to Berkeley by
  * Berkeley Software Design, Inc.
  *
@@ -56,47 +72,37 @@
  * SUCH DAMAGE.
  *
  *	@(#)cdefs.h	8.7 (Berkeley) 1/21/94
  */
 
 #ifndef	_CDEFS_H_
 #define	_CDEFS_H_
 
-#ifdef __BEGIN_DECLS
-#undef __BEGIN_DECLS
-#endif
-#ifdef __END_DECLS
-#undef __END_DECLS
-#endif
-
 #if defined(__cplusplus)
 #define	__BEGIN_DECLS	extern "C" {
 #define	__END_DECLS	}
 #else
 #define	__BEGIN_DECLS
 #define	__END_DECLS
 #endif
 
 /*
  * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
  * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
  * The __CONCAT macro is a bit tricky -- make sure you don't put spaces
  * in between its arguments.  __CONCAT can also concatenate double-quoted
  * strings produced by the __STRING macro, but this only works with ANSI C.
  */
-#undef __P
-#undef __CONCAT
-#undef __STRING
-
 #if defined(__STDC__) || defined(__cplusplus) || defined(_WINDOWS) || defined(XP_OS2)
 #define	__P(protos)	protos		/* full-blown ANSI C */
 #define	__CONCAT(x,y)	x ## y
 #define	__STRING(x)	#x
 
+/* On HP-UX 11.00, <sys/stdsyms.h> defines __const. */
 #ifndef __const
 #define	__const		const		/* define reserved names to standard */
 #endif  /* __const */
 #define	__signed	signed
 #define	__volatile	volatile
 #ifndef _WINDOWS
 #if defined(__cplusplus)
 #define	__inline	inline		/* convert to C++ keyword */
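Review bot: With the `#undef` lines removed, `__BEGIN_DECLS`, `__END_DECLS`, `__P`, `__CONCAT` and `__STRING` are now defined unconditionally. If a system header has already defined any of them with a different spelling, the compiler sees an incompatible macro redefinition. The `__const` define just below is already wrapped in `#ifndef __const` for HP-UX, and the same guard would fit here, for example `#ifndef __P` / `#define __P(protos) protos` / `#endif`. This matters on any platform where `HAVE_SYS_CDEFS_H` is not set but a system header still provides these names; the diff does not show which platforms those are. The `#if defined(__STDC__) ...` block continues past the end of this hunk.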
@@ -151,16 +157,9 @@
 #endif
 
 /* Delete pseudo-keywords wherever they are not available or needed. */
 #ifndef __dead
 #define	__dead
 #define	__pure
 #endif
 
-#ifdef AIXV3
-/* Wont compile without const. Need a cleaner way to handle this. */
-#ifdef const
-#undef const
-#endif
-#endif
-
 #endif /* !_CDEFS_H_ */
--- a/dbm/include/hash.h
+++ b/dbm/include/hash.h
@@ -88,17 +88,17 @@ typedef struct hashhdr {		/* Disk reside
 	int32		last_freed;	/* Last overflow page freed */
 	int32		max_bucket;	/* ID of Maximum bucket in use */
 	int32		high_mask;	/* Mask to modulo into entire table */
 	int32		low_mask;	/* Mask to modulo into lower half of 
 					 * table */
 	int32		ffactor;	/* Fill factor */
 	int32		nkeys;		/* Number of keys in hash table */
 	int32		hdrpages;	/* Size of table header */
-	int32		h_charkey;	/* value of hash(CHARKEY) */
+	uint32		h_charkey;	/* value of hash(CHARKEY) */
 #define NCACHED	32			/* number of bit maps and spare 
 					 * points */
 	int32		spares[NCACHED];/* spare pages for overflow */
 	uint16		bitmaps[NCACHED];	/* address of overflow page 
 						 * bitmaps */
 } HASHHDR;
 
 typedef struct htab	 {		/* Memory resident data structure */
@@ -126,17 +126,17 @@ typedef struct htab	 {		/* Memory reside
 	uint32		*mapp[NCACHED];	/* Pointers to page maps */
 	int		nmaps;		/* Initial number of bitmaps */
 	int		nbufs;		/* Number of buffers left to 
 					 * allocate */
 	BUFHEAD 	bufhead;	/* Header of buffer lru list */
 	SEGMENT 	*dir;		/* Hash Bucket directory */
 	off_t		file_size;	/* in bytes */
 	char		is_temp;	/* unlink file on close */
-	char		updateEOF;	/* close and reopen on flush */
+	char		updateEOF;	/* force EOF update on flush */
 } HTAB;
 
 /*
  * Constants
  */
 #define DATABASE_CORRUPTED_ERROR -999   /* big ugly abort, delete database */
 #define	OLD_MAX_BSIZE		65536		/* 2^16 */
 #define MAX_BSIZE       	32l*1024l         /* 2^15 */
--- a/dbm/include/mcom_db.h
+++ b/dbm/include/mcom_db.h
@@ -1,29 +1,45 @@
-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: NPL 1.1/GPL 2.0/LGPL 2.1
  *
- * The contents of this file are subject to the Netscape Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/NPL/
+ * The contents of this file are subject to the Netscape Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/NPL/
  *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
  *
  * The Original Code is mozilla.org code.
  *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are
- * Copyright (C) 1998 Netscape Communications Corporation. All
- * Rights Reserved.
+ * The Initial Developer of the Original Code is 
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
  *
- * Contributor(s): 
- */
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the NPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the NPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
 
 /*- 
  * Copyright (c) 1990, 1993, 1994
  *	The Regents of the University of California.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -53,110 +69,159 @@
  * SUCH DAMAGE.
  *
  *	@(#)db.h	8.7 (Berkeley) 6/16/94
  */
 
 #ifndef _DB_H_
 #define	_DB_H_
 
-#ifndef HAVE_SYS_CDEFS_H
-#include "cdefs.h"
-#else
-#include <cdefs.h>
+#ifndef macintosh
+#include <sys/types.h>
 #endif
 #include "prtypes.h"
 
+#include <limits.h>
+
+#ifdef __DBINTERFACE_PRIVATE
+
+#ifdef HAVE_SYS_CDEFS_H
+#include <sys/cdefs.h>
+#else
+#include "cdefs.h"
+#endif
+
 #ifdef HAVE_SYS_BYTEORDER_H
-#include <sys/types.h>
 #include <sys/byteorder.h>
 #endif
 
 #if defined(__linux) || defined(__BEOS__)
 #include <endian.h>
 #ifndef BYTE_ORDER
 #define BYTE_ORDER    __BYTE_ORDER
 #define BIG_ENDIAN    __BIG_ENDIAN
 #define LITTLE_ENDIAN __LITTLE_ENDIAN
 #endif
 #endif /* __linux */
 
 #ifdef __sgi
 #define BYTE_ORDER BIG_ENDIAN
 #define BIG_ENDIAN      4321
 #define LITTLE_ENDIAN   1234            /* LSB first: i386, vax, all NT risc */
-#define	__BIT_TYPES_DEFINED__
 #endif
 
 #ifdef __sun
 #define BIG_ENDIAN      4321
 #define LITTLE_ENDIAN   1234            /* LSB first: i386, vax, all NT risc */
 
-#ifdef HAVE_COMPAT_H
+#ifndef __SVR4
+/* compat.h is only in 4.1.3 machines. - dp */
 #include <compat.h>
 #endif
 
 /* XXX - dp
  * Need to find a general way of defining endian-ness in SunOS 5.3
  * SunOS 5.4 defines _BIG_ENDIAN and _LITTLE_ENDIAN
  * SunOS 5.3 does nothing like this.
  */
 
 #ifndef BYTE_ORDER
 
 #if defined(_BIG_ENDIAN)
 #define BYTE_ORDER BIG_ENDIAN
 #elif defined(_LITTLE_ENDIAN)
 #define BYTE_ORDER LITTLE_ENDIAN
-#elif !defined(SVR4)
+#elif !defined(__SVR4)
 /* 4.1.3 is always BIG_ENDIAN as it was released only on sparc platforms. */
 #define BYTE_ORDER BIG_ENDIAN
 #elif !defined(vax) && !defined(ntohl) && !defined(lint) && !defined(i386)
 /* 5.3 big endian. Copied this above line from sys/byteorder.h */
 /* Now we are in a 5.3 SunOS rather non 5.4 or above SunOS  */
 #define BYTE_ORDER BIG_ENDIAN
 #else
 #define BYTE_ORDER LITTLE_ENDIAN
 #endif
 
 #endif /* !BYTE_ORDER */
 #endif /* __sun */
 
+#if defined(__hpux) || defined(__hppa)
+#define BYTE_ORDER BIG_ENDIAN
+#define BIG_ENDIAN      4321
+#define LITTLE_ENDIAN   1234            /* LSB first: i386, vax, all NT risc */
+#endif
+
+#if defined(AIXV3) || defined(AIX)
+/* BYTE_ORDER, LITTLE_ENDIAN, BIG_ENDIAN are all defined here */
+#include <sys/machine.h>
+#endif
+
+/* Digital Unix */
+#ifdef __osf__
+#include <machine/endian.h>
+#endif
+
+#ifdef __alpha
+#ifndef WIN32
+#else
+/* Alpha NT */
+#define BYTE_ORDER LITTLE_ENDIAN
+#define BIG_ENDIAN      4321
+#define LITTLE_ENDIAN   1234 
+#endif
+#endif
+
 #ifdef NCR
 #include <sys/endian.h>
 #endif
 
 #ifdef __QNX__
 #define LITTLE_ENDIAN	1234
 #define BIG_ENDIAN	4321
 #define BYTE_ORDER	LITTLE_ENDIAN
 #endif
 
-#ifdef SCO
-#include <sys/bitypes.h>
-#define MAXPATHLEN 	1024              
-#endif
-
 #ifdef SNI
 /* #include <sys/hetero.h> */
 #define BYTE_ORDER BIG_ENDIAN
 #define BIG_ENDIAN      4321
 #define LITTLE_ENDIAN   1234
 #endif
 
+#if defined(_WINDOWS) || defined(XP_OS2)
+#ifdef BYTE_ORDER
+#undef BYTE_ORDER
+#endif
+
+#define BYTE_ORDER LITTLE_ENDIAN
+#define LITTLE_ENDIAN   1234            /* LSB first: i386, vax, all NT risc */
+#define BIG_ENDIAN      4321
+#endif
+
+#ifdef macintosh
+#define BIG_ENDIAN 4321
+#define LITTLE_ENDIAN 1234
+#define BYTE_ORDER BIG_ENDIAN
+#endif
+
+#endif  /* __DBINTERFACE_PRIVATE */
+
+#ifdef SCO
+#define MAXPATHLEN 	1024              
+#endif
+
 #ifdef macintosh
 #include <unix.h>
 #else
 #include <fcntl.h>
 #endif
 
 #if defined(_WINDOWS) || defined(XP_OS2)
 #include <stdio.h>
 #include <io.h>
-#include <limits.h>
 
 #ifndef XP_OS2 
 #define MAXPATHLEN 	1024               
 #else
 #include <dirent.h>
 #endif
 
 #define	EFTYPE		EINVAL		/* POSIX 1003.1 format errno. */
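Review bot: The byte-order block is now compiled only when `__DBINTERFACE_PRIVATE` is defined, and nothing in the header catches a source file that needs `BYTE_ORDER` but was built without the macro. In a test such as `#if BYTE_ORDER == BIG_ENDIAN`, two undefined names both evaluate to 0, so such a file would compile with the wrong branch selected rather than fail; the files that test `BYTE_ORDER` are not shown here. The later hunks gate the swap macros and the `__bt_open`/`__hash_open`/`__rec_open`/`__dbpanic` prototypes the same way. I would state the contract above the `#ifdef`, e.g. `/* dbm-internal: define __DBINTERFACE_PRIVATE before including this header */`, and have each consumer of `BYTE_ORDER` start with `#ifndef BYTE_ORDER` / `#error "BYTE_ORDER not defined"` / `#endif`.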
@@ -165,93 +230,53 @@
 #define	STDIN_FILENO	0		/* ANSI C #defines */
 #define	STDOUT_FILENO	1
 #define	STDERR_FILENO	2
 #endif
 
 #ifndef O_ACCMODE			/* POSIX 1003.1 access mode mask. */
 #define	O_ACCMODE	(O_RDONLY|O_WRONLY|O_RDWR)
 #endif
-
-#ifdef BYTE_ORDER
-#undef BYTE_ORDER
 #endif
 
-#define BYTE_ORDER LITTLE_ENDIAN
-#define LITTLE_ENDIAN   1234            /* LSB first: i386, vax, all NT risc */
-#define BIG_ENDIAN      4321
-#endif
-
-#if defined(_WINDOWS) && !defined(_WIN32)
-/* 16 bit windows defines */
-#define	MAX_PAGE_NUMBER	0xffffffff	/* >= # of pages in a file */
-#endif
-
-
 #ifdef macintosh
 #include <stdio.h>
 #include "xp_mcom.h"
-#define BIG_ENDIAN 4321
-#define LITTLE_ENDIAN 1234
-#define BYTE_ORDER BIG_ENDIAN
 #define O_ACCMODE       3       /* Mask for file access modes */
 #define EFTYPE 2000
 XP_BEGIN_PROTOS
 int mkstemp(const char *path);
 XP_END_PROTOS
 #endif	/* MACINTOSH */
 
-#if defined(XP_OS2)
-/* #include <xp_mcom.h> */
-/* XP_BEGIN_PROTOS */
-/* int mkstemp(char *path); */
-/* XP_END_PROTOS */
-#endif
-
-#ifndef macintosh
-#include <sys/types.h>
-#endif
-
 #if !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2)
 #include <sys/stat.h>
 #include <errno.h>
 #endif
 
-#ifndef HAVE_SYS_CDEFS_H
-#include "cdefs.h"
-#endif
-
-#ifndef _WINDOWS  /* included above to prevent spurious warnings chouck 12-Sep-95 */
-#include <limits.h>
+/* define EFTYPE since most don't */
+#ifndef EFTYPE
+#define EFTYPE      EINVAL      /* POSIX 1003.1 format errno. */
 #endif
 
 #define	RET_ERROR	-1		/* Return values. */
 #define	RET_SUCCESS	 0
 #define	RET_SPECIAL	 1
 
-#if defined(__386BSD__) || defined(SCO)
-#define	__BIT_TYPES_DEFINED__
-#endif
-
 #define	MAX_PAGE_NUMBER	0xffffffff	/* >= # of pages in a file */
 
 #ifndef __sgi
 typedef uint32	pgno_t;
 #endif
 
 #define	MAX_PAGE_OFFSET	65535		/* >= # of bytes in a page */
 typedef uint16	indx_t;
 #define	MAX_REC_NUMBER	0xffffffff	/* >= # of records in a tree */
 typedef uint32	recno_t;
 
-/* define EFTYPE since most don't */
-#ifndef EFTYPE
-#define EFTYPE      EINVAL      /* POSIX 1003.1 format errno. */
-#endif
-
 /* Key/data structure -- a Data-Base Thang. */
 typedef struct {
 	void	*data;			/* data */
 	size_t	 size;			/* data length */
 } DBT;
 
 /* Routine flags. */
 #define	R_CURSOR	1		/* del, put, seq */
@@ -347,17 +372,17 @@ typedef struct {
 	uint	cachesize;	/* bytes to cache */
 	uint	psize;		/* page size */
 	int	lorder;		/* byte order */
 	size_t	reclen;		/* record length (fixed-length records) */
 	uint8	bval;		/* delimiting byte (variable-length records */
 	char	*bfname;	/* btree file name */ 
 } RECNOINFO;
 
-/* #ifdef __DBINTERFACE_PRIVATE */
+#ifdef __DBINTERFACE_PRIVATE
 /*
  * Little endian <==> big endian 32-bit swap macros.
  *	M_32_SWAP	swap a memory location
  *	P_32_SWAP	swap a referenced memory location
  *	P_32_COPY	swap from one location to another
  */
 #define	M_32_SWAP(a) {							\
 	uint32 _tmp = a;						\
@@ -395,59 +420,33 @@ typedef struct {
 	uint16 _tmp = *(uint16 *)a;				\
 	((char *)a)[0] = ((char *)&_tmp)[1];				\
 	((char *)a)[1] = ((char *)&_tmp)[0];				\
 }
 #define	P_16_COPY(a, b) {						\
 	((char *)&(b))[0] = ((char *)&(a))[1];				\
 	((char *)&(b))[1] = ((char *)&(a))[0];				\
 }
-/* #endif */
+#endif
 
-__BEGIN_DECLS
+PR_BEGIN_EXTERN_C
 #if defined(__WATCOMC__) || defined(__WATCOM_CPLUSPLUS__)
 extern DB *
 #else
 PR_EXTERN(DB *)
 #endif
 dbopen (const char *, int, int, DBTYPE, const void *);
 
 /* set or unset a global lock flag to disable the
  * opening of any DBM file
  */
 void dbSetOrClearDBLock(DBLockFlagEnum type);
 
-/* #ifdef __DBINTERFACE_PRIVATE */
+#ifdef __DBINTERFACE_PRIVATE
 DB	*__bt_open (const char *, int, int, const BTREEINFO *, int);
 DB	*__hash_open (const char *, int, int, const HASHINFO *, int);
 DB	*__rec_open (const char *, int, int, const RECNOINFO *, int);
 void	 __dbpanic (DB *dbp);
-/* #endif */
-
-__END_DECLS
-
-#if defined(__hpux) || defined(__hppa)
-#define BYTE_ORDER BIG_ENDIAN
-#define BIG_ENDIAN      4321
-#define LITTLE_ENDIAN   1234            /* LSB first: i386, vax, all NT risc */
-#endif
-
-#if defined(AIXV3) || defined(AIX)
-/* BYTE_ORDER, LITTLE_ENDIAN, BIG_ENDIAN are all defined here */
-#include <sys/machine.h>
 #endif
 
-/* Digital Unix */
-#ifdef __osf__
-#include <machine/endian.h>
-#endif
-
-#ifdef __alpha
-#ifndef WIN32
-#else
-/* Alpha NT */
-#define BYTE_ORDER LITTLE_ENDIAN
-#define BIG_ENDIAN      4321
-#define LITTLE_ENDIAN   1234 
-#endif
-#endif
+PR_END_EXTERN_C
 
 #endif /* !_DB_H_ */
--- a/dbm/include/ncompat.h
+++ b/dbm/include/ncompat.h
@@ -66,17 +66,17 @@ typedef	int		ssize_t;	/* POSIX names. */
 #if 0					/* POSIX 1003.1 signal mask type. */
 typedef unsigned int	sigset_t;
 #endif
 
 /*
  * If your system's vsprintf returns a char *, not an int,
  * change the 0 to a 1.
  */
-#if defined (__sun) && !defined(SVR4) /* SUNOS */
+#if defined (__sun) && !defined(__SVR4) /* SUNOS */
 #define	VSPRINTF_CHARSTAR
 #endif
 /*
  * If you don't have POSIX 1003.1 signals, the signal code surrounding the 
  * temporary file creation is intended to block all of the possible signals
  * long enough to create the file and unlink it.  All of this stuff is
  * intended to use old-style BSD calls to fake POSIX 1003.1 calls.
  */
--- a/dbm/include/nsres.h
+++ b/dbm/include/nsres.h
@@ -1,11 +1,10 @@
 #ifndef NSRES_H
 #define NSRES_H
-#include "cdefs.h"
 #include "mcom_db.h"
 
 __BEGIN_DECLS
 
 /* C version */
 #define NSRESHANDLE void *
 
 typedef void (*NSRESTHREADFUNC)(void *);
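Review bot: `__BEGIN_DECLS` is still used a few lines below the removed `#include "cdefs.h"`, but after this commit `mcom_db.h` pulls in `cdefs.h` only inside `#ifdef __DBINTERFACE_PRIVATE`. A file that includes `nsres.h` without that macro therefore gets `__BEGIN_DECLS` only if some system header happens to define it. `mcom_db.h` itself switches to `PR_BEGIN_EXTERN_C`/`PR_END_EXTERN_C` in this commit, so using `PR_BEGIN_EXTERN_C` here in place of `__BEGIN_DECLS` would remove the dependency on `cdefs.h`. The matching `__END_DECLS` is outside the hunk and would need the same change.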
--- a/dbm/macbuild/DBMConfig.h
+++ b/dbm/macbuild/DBMConfig.h
@@ -15,9 +15,9 @@
  * The Initial Developer of the Original Code is Netscape
  * Communications Corporation.  Portions created by Netscape are
  * Copyright (C) 1998 Netscape Communications Corporation. All
  * Rights Reserved.
  *
  * Contributor(s): 
  */
 
-/* Nothing to do here. If you need DBM-specific defines, put them here */
+#define __DBINTERFACE_PRIVATE 1
--- a/dbm/src/Makefile.win
+++ b/dbm/src/Makefile.win
@@ -83,14 +83,14 @@ LINCS = -I..\include
 
 #//------------------------------------------------------------------------
 #//
 #// Include the common makefile rules
 #//
 #//------------------------------------------------------------------------
 include <$(DEPTH)/config/rules.mak>
 
-CFLAGS = $(CFLAGS) -DMOZILLA_CLIENT
+CFLAGS = $(CFLAGS) -DMOZILLA_CLIENT -D__DBINTERFACE_PRIVATE
 
 install:: $(LIBRARY)
     $(MAKE_INSTALL) $(LIBRARY) $(DIST)\lib
 
 
--- a/dbm/src/h_bigkey.c
+++ b/dbm/src/h_bigkey.c
@@ -424,17 +424,17 @@ extern int
 						hashp->cpage = NULL;
 					}
 				}
 			}
 			return (0);
 		}
 
 	val->size = collect_data(hashp, bufp, (int)len, set_current);
-	if ((val->size + 1) == 0) /* unsigned ints are not really negative */
+	if (val->size == (size_t)-1)
 		return (-1);
 	if (save_p->addr != save_addr) {
 		/* We are pretty short on buffers. */
 		errno = EINVAL;			/* OUT OF BUFFERS */
 		return (-1);
 	}
 	memmove(hashp->tmp_buf, (save_p->page) + off, len);
 	val->data = (uint8 *)hashp->tmp_buf;
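Review bot: The failure value is still stored in `val->size` before it is tested, so on the error path the caller's DBT is left with a size of `(size_t)-1`, which a caller that ignores the return code could use as a length. Holding the result in a local of `collect_data`'s return type (presumably `int`, judging by the removed comment) and checking it before the store avoids that: `rv = collect_data(hashp, bufp, (int)len, set_current);` `if (rv < 0) return (-1);` `val->size = (size_t)rv;`. The same pattern applies to `key->size` and `collect_key` in `__big_keydata` in the next hunk. The function containing this hunk starts outside it.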
@@ -510,17 +510,17 @@ collect_data(
 extern int
 __big_keydata(
 	HTAB *hashp, 
 	BUFHEAD *bufp, 
 	DBT *key, DBT *val,
 	int set)
 {
 	key->size = collect_key(hashp, bufp, 0, val, set);
-	if ((key->size + 1) == 0) /* same compile warning about comparing signed and unsigned */
+	if (key->size == (size_t)-1)
 		return (-1);
 	key->data = (uint8 *)hashp->tmp_key;
 	return (0);
 }
 
 /*
  * Count how big the total key size is by recursing through the pages.  Then
  * collect the data, allocate a buffer and copy the key as you recurse up.
--- a/dbm/src/h_page.c
+++ b/dbm/src/h_page.c
@@ -1161,17 +1161,17 @@ open_temp(HTAB *hashp)
 {
 #ifdef XP_OS2
  	hashp->fp = mkstemp(NULL);
 #else
 #if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
 	sigset_t set, oset;
 #endif
 	char * tmpdir;
-	int    len;
+	size_t len;
 	static const char namestr[] = "/_hashXXXXXX";
 	char filename[1024];
 	char last;
 
 #if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
 	/* Block signals; make sure file goes away at process exit. */
 	(void)sigfillset(&set);
 	(void)sigprocmask(SIG_BLOCK, &set, &oset);
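Review bot: `len` changes from `int` to `size_t`, but every use of it is in the part of `open_temp` below this hunk, so the effect of the change cannot be checked from the lines shown. If any later test relied on `len` going negative it is now always false, and whatever bounds the copy into `filename[1024]` has to leave room for `sizeof(namestr)`. I would record that at the declaration, e.g. `size_t len; /* strlen(tmpdir); must stay below sizeof filename - sizeof namestr */`, and confirm the check below matches it.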
--- a/dbm/src/hash.c
+++ b/dbm/src/hash.c
@@ -234,17 +234,17 @@ extern DB *
 			RETURN_ERROR(EFTYPE, error1);
 		/* Verify file type, versions and hash function */
 		if (hashp->MAGIC != HASHMAGIC)
 			RETURN_ERROR(EFTYPE, error1);
 #define	OLDHASHVERSION	1
 		if (hashp->VERSION != HASHVERSION &&
 		    hashp->VERSION != OLDHASHVERSION)
 			RETURN_ERROR(EFTYPE, error1);
-		if (hashp->hash(CHARKEY, sizeof(CHARKEY)) != (unsigned)hashp->H_CHARKEY)
+		if (hashp->hash(CHARKEY, sizeof(CHARKEY)) != hashp->H_CHARKEY)
 			RETURN_ERROR(EFTYPE, error1);
 		if (hashp->NKEYS < 0) {
 		    /*
 		    ** OOPS. Old bad database from previously busted
 		    ** code. Blow it away.
 		    */
 		    close(hashp->fp);
 		    if (remove(file) < 0) {
--- a/dbm/src/memmove.c
+++ b/dbm/src/memmove.c
@@ -1,9 +1,9 @@
-#if defined(__sun) && !defined(__svr4__)
+#if defined(__sun) && !defined(__SVR4)
 /*-
  * Copyright (c) 1990, 1993
  *	The Regents of the University of California.  All rights reserved.
  *
  * This code is derived from software contributed to Berkeley by
  * Chris Torek.
  *
  * Redistribution and use in source and binary forms, with or without
--- a/dbm/src/nsres.c
+++ b/dbm/src/nsres.c
@@ -1,19 +1,15 @@
 #include "watcomfx.h"
 
 #include "nsres.h"
 
 #include <stdio.h>
 
-#if defined(BSDI)||defined(RHAPSODY)
 #include <stdlib.h>
-#else
-#include <malloc.h>
-#endif
 
 #include <string.h>
 
 struct RESDATABASE
 {
 	DB *hdb;
 	NSRESTHREADINFO *threadinfo;
 	char * pbuf[MAXBUFNUM];
--- a/dbm/src/snprintf.c
+++ b/dbm/src/snprintf.c
@@ -1,19 +1,19 @@
 #ifndef HAVE_SNPRINTF
 
 #include "watcomfx.h"
 #include <sys/types.h>
 #include <stddef.h>
 #include <stdio.h>
 
-#if defined(_WINDOWS) || defined(SOLARIS) || defined(AIXV3) || defined(AIX) || defined(OSF1) || defined(NEC) || !defined(HAVE_SYS_CDEFS_H)
+#ifdef HAVE_SYS_CDEFS_H
+#include <sys/cdefs.h>
+#else
 #include "cdefs.h"
-#elif !defined(HPUX) && !defined(UNIXWARE) && !defined(SNI)
-#include <sys/cdefs.h>
 #endif
 
 #include "prtypes.h"
 
 #include <ncompat.h>
 
 /* The OS/2 VAC compiler doesn't appear to define __STDC__ and won't let us define it either */
 #if defined(__STDC__) || defined(XP_OS2_VACPP)
--- a/dbm/tests/Makefile.in
+++ b/dbm/tests/Makefile.in
@@ -28,19 +28,15 @@ include $(DEPTH)/config/autoconf.mk
 
 MODULE		= dbm
 PROGRAM		= lots$(BIN_SUFFIX)
 
 CSRCS		= lots.c
 
 EXTRA_DSO_LIBS	= mozdbm_s
 
-ifeq ($(MOZ_OS2_TOOLS),VACPP)
-LIBS		= $(DIST)/lib/libmozdbm_s.$(LIB_SUFFIX)
-else
 LIBS		= $(EXTRA_DSO_LIBS)
-endif
 
 include $(topsrcdir)/config/rules.mk
 
 ifeq ($(OS_ARCH), Linux)
 DEFINES         += -D_BSD_SOURCE
 endif
--- a/dbm/tests/lots.c
+++ b/dbm/tests/lots.c
@@ -1,29 +1,45 @@
-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: NPL 1.1/GPL 2.0/LGPL 2.1
  *
- * The contents of this file are subject to the Netscape Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/NPL/
+ * The contents of this file are subject to the Netscape Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/NPL/
  *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
  *
  * The Original Code is mozilla.org code.
  *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are
- * Copyright (C) 1998 Netscape Communications Corporation. All
- * Rights Reserved.
+ * The Initial Developer of the Original Code is 
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
  *
- * Contributor(s): 
- */
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the NPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the NPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
 
 /* use sequental numbers printed to strings
  * to store lots and lots of entries in the
  * database.
  *
  * Start with 100 entries, put them and then
  * read them out.  Then delete the first
  * half and verify that all of the first half
new file mode 100644
--- /dev/null
+++ b/security/coreconf/HP-UXB.11.11.mk
@@ -0,0 +1,55 @@
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 2001 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+# On HP-UX 10.30 and 11.x, the default implementation strategy is
+# pthreads.  Classic nspr and pthreads-user are also available.
+#
+
+ifeq ($(OS_RELEASE),B.11.11)
+OS_CFLAGS		+= -DHPUX10
+DEFAULT_IMPL_STRATEGY = _PTH
+endif
+
+#
+# To use the true pthread (kernel thread) library on 10.30 and
+# 11.x, we should define _POSIX_C_SOURCE to be 199506L.
+# The _REENTRANT macro is deprecated.
+#
+
+ifdef USE_PTHREADS
+	OS_CFLAGS	+= -D_POSIX_C_SOURCE=199506L
+endif
+
+#
+# Config stuff for HP-UXB.11.11.
+#
+include $(CORE_DEPTH)/coreconf/HP-UXB.11.mk
--- a/security/coreconf/Linux.mk
+++ b/security/coreconf/Linux.mk
@@ -65,23 +65,28 @@ else
 ifeq ($(OS_TEST),sparc)
 	OS_REL_CFLAGS   = -DLINUX1_2 -D_XOPEN_SOURCE
 	CPU_ARCH        = sparc
 else
 ifeq ($(OS_TEST),sparc64)
 	OS_REL_CFLAGS   = -DLINUX1_2 -D_XOPEN_SOURCE
 	CPU_ARCH        = sparc
 else
+ifeq (,$(filter-out arm% sa110,$(OS_TEST)))
+	OS_REL_CFLAGS   = -DLINUX1_2 -D_XOPEN_SOURCE
+	CPU_ARCH        = arm
+else
 	OS_REL_CFLAGS	= -DLINUX1_2 -Di386 -D_XOPEN_SOURCE
 	CPU_ARCH	= x86
 endif
 endif
 endif
 endif
 endif
+endif
 
 
 LIBC_TAG		= _glibc
 
 ifeq ($(OS_RELEASE),2.0)
 	OS_REL_CFLAGS	+= -DLINUX2_0
 	MKSHLIB		= $(CC) -shared -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so)
 	ifdef BUILD_OPT
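Review bot: The added test `ifeq (,$(filter-out arm% sa110,$(OS_TEST)))` is also true when `OS_TEST` is empty, because `filter-out` applied to an empty list yields an empty result. A build where the machine type could not be determined would then be configured as `arm` instead of falling through to the x86 default as it did before. Testing for a positive match, `ifneq (,$(filter arm% sa110,$(OS_TEST)))`, selects the same machines without that case. How `OS_TEST` is set is outside this hunk, so whether it can be empty in practice needs confirming.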
--- a/security/coreconf/NetBSD.mk
+++ b/security/coreconf/NetBSD.mk
@@ -35,18 +35,21 @@
 
 include $(CORE_DEPTH)/coreconf/UNIX.mk
 
 DEFAULT_COMPILER	= gcc
 CC			= gcc
 CCC			= g++
 RANLIB			= ranlib
 
+CPU_ARCH		:= $(shell uname -p)
+ifeq ($(CPU_ARCH),i386)
 OS_REL_CFLAGS		= -Di386
 CPU_ARCH		= x86
+endif
 
 ifndef OBJECT_FMT
 OBJECT_FMT		:= $(shell if echo __ELF__ | $${CC:-cc} -E - | grep -q __ELF__ ; then echo a.out ; else echo ELF ; fi)
 endif
 
 ifeq ($(OBJECT_FMT),ELF)
 DLL_SUFFIX		= so
 else
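Review bot: `CPU_ARCH := $(shell uname -p)` takes the architecture from the build host, and for anything other than `i386` the raw `uname -p` string becomes `CPU_ARCH` while `OS_REL_CFLAGS` is not set in the visible lines. That looks intended to stop non-x86 NetBSD builds being labelled x86, but nothing says so, and a cross-compile would pick up the host's value. A comment such as `# CPU_ARCH is the build host's 'uname -p'; only i386 is mapped to the coreconf name x86` would record the intent. Where `CPU_ARCH` is consumed is outside this hunk.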
--- a/security/coreconf/OpenVMS.mk
+++ b/security/coreconf/OpenVMS.mk
@@ -48,9 +48,9 @@ endif
 # XCFLAGS are the only CFLAGS that are used during a link operation. Defining
 # OPTIMIZER in XCFLAGS means that each compilation line gets OPTIMIZER
 # included twice, but at least we get OPTIMIZER included in the link
 # operations; and OpenVMS needs it!
 #
 XCFLAGS                        += $(OPTIMIZER)
 
 # The command to build a shared library in POSIX on OpenVMS.
-MKSHLIB = vmsld_psm $(OPTIMIZER)
+MKSHLIB = vmsld_psm OBJDIR=$(OBJDIR) $(OPTIMIZER)
--- a/security/coreconf/command.mk
+++ b/security/coreconf/command.mk
@@ -37,17 +37,17 @@
 #######################################################################
 
 AS            = $(CC)
 ASFLAGS      += $(CFLAGS)
 CCF           = $(CC) $(CFLAGS)
 LINK_DLL      = $(LINK) $(OS_DLLFLAGS) $(DLLFLAGS)
 LINK_EXE      = $(LINK) $(OS_LFLAGS) $(LFLAGS)
 NFSPWD        = $(NSINSTALL_DIR)/nfspwd
-CFLAGS       += $(OPTIMIZER) $(OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \
+CFLAGS        = $(OPTIMIZER) $(OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \
 		$(XCFLAGS)
 RANLIB        = echo
 TAR           = /bin/tar
 #
 # For purify
 #
 NOMD_CFLAGS  += $(OPTIMIZER) $(NOMD_OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \
 		$(XCFLAGS)
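Review bot: Changing `CFLAGS +=` to `CFLAGS =` discards whatever `CFLAGS` already held when command.mk is read, and nothing in the file says this is intended. That includes flags added by an earlier makefile fragment or exported in the environment, which can include warning or hardening options a packager relies on. `NOMD_CFLAGS` a few lines below still uses `+=`, so the two variables now behave differently. If the reset is deliberate, a comment such as `# '=' not '+=': CFLAGS is rebuilt from its parts here; pass extra flags via XCFLAGS` would make that clear; otherwise the two assignments should stay consistent.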
--- a/security/coreconf/tree.mk
+++ b/security/coreconf/tree.mk
@@ -48,43 +48,43 @@ ifndef RELEASE_TREE
 	else
 		RELEASE_TREE = /share/builds/components
 	endif
 		ifeq ($(OS_TARGET), WINNT)
 		ifdef BUILD_SHIP
 			ifdef USE_SHIPS
 				RELEASE_TREE = $(NTBUILD_SHIP)
 			else
-				RELEASE_TREE = //blds-sca15a/components
+				RELEASE_TREE = //redbuild/components
 			endif
 		else
-			RELEASE_TREE = //blds-sca15a/components
+			RELEASE_TREE = //redbuild/components
 		endif
 		endif
 	
 	ifeq ($(OS_TARGET), WIN95)
 		ifdef BUILD_SHIP
 			ifdef USE_SHIPS
 				RELEASE_TREE = $(NTBUILD_SHIP)
 			else
-				RELEASE_TREE = //blds-sca15a/components
+				RELEASE_TREE = //redbuild/components
 			endif
 		else
-			RELEASE_TREE = //blds-sca15a/components
+			RELEASE_TREE = //redbuild/components
 		endif
 	endif
 	ifeq ($(OS_TARGET), WIN16)
 	ifdef BUILD_SHIP
 		ifdef USE_SHIPS
 			RELEASE_TREE = $(NTBUILD_SHIP)
 		else
-			RELEASE_TREE = //blds-sca15a/components
+			RELEASE_TREE = //redbuild/components
 		endif
 	else
-		RELEASE_TREE = //blds-sca15a/components
+		RELEASE_TREE = //redbuild/components
 	endif
 	endif
 endif
 
 #
 # NOTE:  export control policy enforced for XP and MD files
 #        released to the binary release tree
 #
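Review bot: The share name `//redbuild/components` is written out six times across the WINNT, WIN95 and WIN16 branches, so the next host change has to touch every copy again. A missed copy would silently point one target at a different release tree. Defining it once under a name of your choosing, e.g. `NT_RELEASE_TREE = //redbuild/components`, and assigning `RELEASE_TREE = $(NT_RELEASE_TREE)` in each branch keeps them in step. The enclosing `ifndef RELEASE_TREE` begins above the hunk.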
deleted file mode 100644
--- a/security/dbm/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-coreconf_hack:
-	cd ../coreconf; gmake
-	gmake import
-
-RelEng_bld: coreconf_hack
-	gmake
deleted file mode 100644
--- a/security/dbm/include/Makefile
+++ /dev/null
@@ -1,86 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-DBM_SRCS = $(EXPORTS) $(PRIVATE_EXPORTS) watcomfx.h
-
-export:: $(DBM_SRCS)
-
-libs:: $(DBM_SRCS)
-
-program:: $(DBM_SRCS)
-
-private_export:: $(DBM_SRCS)
-
-echo::
-	echo "$(DBM_SRCS)"
deleted file mode 100644
--- a/security/dbm/include/manifest.mn
+++ /dev/null
@@ -1,57 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH  = $(CORE_DEPTH)/../dbm/include
-
-MODULE = dbm
-
-EXPORTS =	nsres.h   \
-		cdefs.h   \
-		mcom_db.h \
-		ncompat.h \
-		winfile.h \
-		$(NULL)
-
-PRIVATE_EXPORTS =	hsearch.h \
-			page.h    \
-			extern.h  \
-			ndbm.h    \
-			queue.h   \
-			hash.h    \
-			mpool.h   \
-			search.h  \
-			$(NULL)
-
deleted file mode 100644
--- a/security/dbm/manifest.mn
+++ /dev/null
@@ -1,46 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ..
-
-MODULE = dbm
-
-#IMPORTS = nspr20/v3.5
-IMPORTS = nspr20/v4.0
-
-RELEASE = dbm
-
-DIRS =  include \
-        src     \
-	$(NULL)
deleted file mode 100644
--- a/security/dbm/src/Makefile
+++ /dev/null
@@ -1,85 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-
-DBM_SRCS = $(CSRCS)
-
-export:: $(DBM_SRCS)
-
-libs:: $(DBM_SRCS)
-
-program:: $(DBM_SRCS)
-
-private_export:: $(DBM_SRCS)
-
-echo::
-	echo "$(DBM_SRCS)"
deleted file mode 100644
--- a/security/dbm/src/config.mk
+++ /dev/null
@@ -1,66 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG) -DNSPR20=1
-
-INCLUDES += -I../include
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-#
-#  Currently, override TARGETS variable so that only static libraries
-#  are specifed as dependencies within rules.mk.
-#
-
-TARGETS        = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY   =
-PROGRAM        =
-
-ifdef SHARED_LIBRARY
-	ifeq ($(OS_ARCH),WINNT)
-		ifneq ($(OS_TARGET),WIN16)
-			DLLBASE=/BASE:0x30000000
-			RES=$(OBJDIR)/dbm.res
-			RESNAME=../include/dbm.rc
-		endif
-	endif
-	ifeq ($(DLL_SUFFIX),dll)
-		DEFINES += -D_DLL
-	endif
-endif
-
-ifeq ($(OS_ARCH),AIX)
-	OS_LIBS += -lc_r
-endif
deleted file mode 100644
--- a/security/dbm/src/manifest.mn
+++ /dev/null
@@ -1,57 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH  = $(CORE_DEPTH)/../dbm/src
-
-MODULE = dbm
-
-CSRCS = db.c	   \
-	h_bigkey.c \
-	h_func.c   \
-	h_log2.c   \
-	h_page.c   \
-	hash.c	   \
-	hash_buf.c \
-	hsearch.c  \
-	memmove.c  \
-	mktemp.c   \
-	ndbm.c	   \
-#	snprintf.c \
-	strerror.c \
-	nsres.c	   \
-	$(NULL)
-
-LIBRARY_NAME = dbm
deleted file mode 100644
--- a/security/dbm/tests/Makefile
+++ /dev/null
@@ -1,125 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-DEPTH		= ../..
-CORE_DEPTH	= ../..
-
-VPATH		= $(CORE_DEPTH)/../dbm/tests
-
-MODULE		= dbm
-
-CSRCS		= lots.c
-
-PROGRAM		= lots
-
-include $(DEPTH)/coreconf/config.mk
-
-ifeq ($(OS_ARCH),WINNT)
-DEFINES		+= -DSTDARG -DSTDC_HEADERS
-LIBDBM		= ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX)
-else
-LIBDBM		= ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX)
-endif
-
-ifeq ($(OS_ARCH),AIX)
-CFLAGS		+= -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),BSD_386)
-CFLAGS		+= -g -I../../../include -DXP_UNIX -g -DBSDI -DHAVE_STRERROR -D__386BSD__ -DDEBUG -DMEMMOVE -D__DBINTERFACE_PRIVATE 
-endif
-
-ifeq ($(OS_ARCH),FreeBSD)
-CFLAGS		+= -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),HP-UX)
-CFLAGS		+= -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),IRIX)
-CFLAGS		+= -g -I../../../include -DDEBUG -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),OSF1)
-CFLAGS		+= -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),Linux)
-CFLAGS		+= -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),NCR)
-CFLAGS		+= -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),SCO_SV)
-CFLAGS		+= -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),SunOS)
-CFLAGS		+= -g -I../../../include -D_sun_
-endif
-
-ifeq ($(OS_ARCH),UNIXWARE)
-CFLAGS		+= -DSTDARG
-endif
-
-INCLUDES	+= -I../include
-INCLUDES	+= -I$(CORE_DEPTH)/../dbm/include
-
-LDFLAGS		= $(LDOPTS) $(LIBDBM)
-
-include $(DEPTH)/coreconf/rules.mk
-
-lots.pure: lots
-	purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS)
-
-crash: crash.o $(MYLIBS)
-	$(CC) -o crash $(CFLAGS) $^
-
-crash.pure: crash.o $(MYLIBS)
-	purify $(CC) -o crash.pure $(CFLAGS) $^
-
-
-
-DBM_SRCS = $(CSRCS)
-
-export:: $(DBM_SRCS)
-
-libs:: $(DBM_SRCS)
-
-program:: $(DBM_SRCS)
-
-private_export:: $(DBM_SRCS)
-
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -964,16 +964,17 @@ ListModules(void)
 }
 
 static void 
 Usage(char *progName)
 {
 #define FPS fprintf(stderr, 
     FPS "Type %s -H for more detailed descriptions\n", progName);
     FPS "Usage:  %s -N [-d certdir] [-P dbprefix] [-f pwfile]\n", progName);
+    FPS "Usage:  %s -T [-d certdir] [-P dbprefix] [-h token-name] [-f pwfile]\n", progName);
     FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", 
     	progName);
     FPS "\t%s -C [-c issuer-name | -x] -i cert-request-file -o cert-file\n"
 	"\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n"
         "\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-1] [-2] [-3] [-4] [-5] [-6]\n",
 	progName);
     FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName);
     FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", 
@@ -1155,16 +1156,26 @@ static void LongUsage(char *progName)
     FPS "%-15s Create a new certificate database\n",
 	"-N");
     FPS "%-20s Cert database directory (default is ~/.netscape)\n",
 	"   -d certdir");
     FPS "%-20s Cert & Key database prefix\n",
 	"   -P dbprefix");
     FPS "\n");
 
+    FPS "%-15s Reset the Key database or token\n",
+	"-T");
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+	"   -d certdir");
+    FPS "%-20s Cert & Key database prefix\n",
+	"   -P dbprefix");
+    FPS "%-20s Token to reset (default is internal)\n"
+	"   -h token-name");
+    FPS "\n");
+
     FPS "%-15s Generate a certificate request (stdout)\n",
 	"-R");
     FPS "%-20s Specify the subject name (using RFC1485)\n",
 	"   -s subject");
     FPS "%-20s Output the cert request to this file\n",
 	"   -o output-req");
     FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
 	"   -k key-type");
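Review bot: The added `-h token-name` entry is missing the comma between the format string and its argument: `FPS "%-20s Token to reset (default is internal)\n"` is followed directly by `"   -h token-name");`. The two literals are therefore concatenated into one format string and `%-20s` has no matching argument, which is undefined behaviour in `fprintf` whenever the long help is printed. Add the comma as the neighbouring entries have it: `FPS "%-20s Token to reset (default is internal)\n",`. The `-0` option (`opt_SSOPass`) that this commit adds for `-T` is not described here or in `Usage` either. `LongUsage` starts and ends outside the hunk.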
@@ -2031,25 +2042,27 @@ enum {
     cmd_GenKeyPair,
     cmd_PrintHelp,
     cmd_ListKeys,
     cmd_ListCerts,
     cmd_ModifyCertTrust,
     cmd_NewDBs,
     cmd_CertReq,
     cmd_CreateAndAddCert,
+    cmd_TokenReset,
     cmd_ListModules,
     cmd_CheckCertValidity,
     cmd_ChangePassword,
     cmd_Version
 };
 
 /*  Certutil options */
 enum {
-    opt_AddKeyUsageExt = 0,
+    opt_SSOPass = 0,
+    opt_AddKeyUsageExt,
     opt_AddBasicConstraintExt,
     opt_AddAuthorityKeyIDExt,
     opt_AddCRLDistPtsExt,
     opt_AddNSCertTypeExt,
     opt_AddExtKeyUsageExt,
     opt_ASCIIForIO,
     opt_ValidityTime,
     opt_IssuerName,
@@ -2089,24 +2102,26 @@ static secuCommandFlag certutil_commands
 	{ /* cmd_GenKeyPair          */  'G', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_PrintHelp           */  'H', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_ListKeys            */  'K', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_ListCerts           */  'L', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_ModifyCertTrust     */  'M', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_NewDBs              */  'N', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_CertReq             */  'R', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_CreateAndAddCert    */  'S', PR_FALSE, 0, PR_FALSE },
+	{ /* cmd_TokenReset          */  'T', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_ListModules         */  'U', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_CheckCertValidity   */  'V', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_ChangePassword      */  'W', PR_FALSE, 0, PR_FALSE },
 	{ /* cmd_Version             */  'Y', PR_FALSE, 0, PR_FALSE }
 };
 
 static secuCommandFlag certutil_options[] =
 {
+	{ /* opt_SSOPass             */  '0', PR_TRUE,  0, PR_FALSE },
 	{ /* opt_AddKeyUsageExt      */  '1', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_AddBasicConstraintExt*/ '2', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_AddAuthorityKeyIDExt*/  '3', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_AddCRLDistPtsExt    */  '4', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_AddNSCertTypeExt    */  '5', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_AddExtKeyUsageExt   */  '6', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_ASCIIForIO          */  'a', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_ValidityTime        */  'b', PR_TRUE,  0, PR_FALSE },
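Review bot: `opt_SSOPass` (`-0`) is declared as taking an argument, and `main` passes that argument to `PK11_ResetToken` as the password, so the secret is supplied on the command line. There it is visible to other local users through the process list and is typically kept in shell history. The other password input in this tool goes through `-f pwfile` (`opt_PasswordFile`); reading the `-T` password the same way, or prompting for it, would avoid the exposure. If the flag stays, a comment on the entry such as `/* value is a password given on the command line */` would at least document it. The table is only partly inside the hunk.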
@@ -2530,16 +2545,27 @@ main(int argc, char **argv)
 	                           certutil.options[opt_Trust].arg);
 	return !rv - 1;
     }
     /*  Change key db password (-W) (future - change pw to slot?)  */
     if (certutil.commands[cmd_ChangePassword].activated) {
 	rv = SECU_ChangePW(slot, 0, certutil.options[opt_PasswordFile].arg);
 	return !rv - 1;
     }
+    /*  Reset the a token */
+    if (certutil.commands[cmd_TokenReset].activated) {
+	char *sso_pass = "";
+
+	if (certutil.options[opt_SSOPass].activated) {
+	    sso_pass = certutil.options[opt_SSOPass].arg;
+ 	}
+	rv = PK11_ResetToken(slot,sso_pass);
+
+	return !rv - 1;
+    }
     /*  Check cert validity against current time (-V)  */
     if (certutil.commands[cmd_CheckCertValidity].activated) {
 	rv = ValidateCert(certHandle, name, 
 	                  certutil.options[opt_ValidityTime].arg,
 			  certutil.options[opt_Usage].arg,
 			  certutil.options[opt_VerifySig].activated,
 			  certutil.options[opt_DetailedInfo].activated);
 	return !rv - 1;
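Review bot: The new `-T` branch performs a destructive reset and reports nothing: when `PK11_ResetToken` fails the tool simply exits with -1, and on success there is no indication of which token was reset. Printing the error before returning, e.g. `if (rv != SECSuccess) SECU_PrintError(progName, "could not reset token");` (assuming `progName` is in scope in `main`), would make failures diagnosable. The comment `/*  Reset the a token */` has a stray word and, unlike its neighbours, omits the flag; `/*  Reset the key database or token (-T)  */` would match them. `main` starts and ends outside the hunk.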
--- a/security/nss/cmd/signtool/list.c
+++ b/security/nss/cmd/signtool/list.c
@@ -41,16 +41,17 @@ static SECStatus cert_trav_callback(CERT
 
 /*********************************************************************
  *
  * L i s t C e r t s
  */
 int
 ListCerts(char *key, int list_certs)
 {
+	int failed = 0;
 	SECStatus rv;
 	char *ugly_list;
 	CERTCertDBHandle *db;
 
 	CERTCertificate *cert;
 	CERTVerifyLog errlog;
 
 	errlog.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -80,34 +81,40 @@ ListCerts(char *key, int list_certs)
 	}
 
 	num_trav_certs = 0;
 
 	/* Traverse non-internal DBs */
 	rv = PK11_TraverseSlotCerts(cert_trav_callback, (void*)&list_certs,
 		NULL /*wincx*/);
 
+	if (rv) {
+		PR_fprintf(outputFD, "**Traverse of non-internal DBs failed**\n");
+		return -1;
+	}
+
 	/* Traverse Internal DB */
 	rv = SEC_TraversePermCerts(db, cert_trav_callback, (void*)&list_certs);
 
+	if (rv) {
+		PR_fprintf(outputFD, "**Traverse of internal DB failed**\n");
+		return -1;
+	}
+
 	if (num_trav_certs == 0) {
 		PR_fprintf(outputFD,
 			"You don't appear to have any object signing certificates.\n");
 	}
 
 	if (list_certs == 2) {
 		PR_fprintf(outputFD, "- ------------\n");
 	} else {
 		PR_fprintf(outputFD, "---------------------------------------\n");
 	}
 
-	if (rv) {
-		return -1;
-	}
-
 	if (list_certs == 1) {
 		PR_fprintf(outputFD,
 			"For a list including CA's, use \"%s -L\"\n", PROGRAM_NAME);
 	}
 
 	if(list_certs == 2) {
 		PR_fprintf(outputFD,
 			"Certificates that can be used to sign objects have *'s to "
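Review bot: The two added `return -1;` paths leave `ListCerts` without releasing `errlog.arena`, which is allocated with `PORT_NewArena` at the top of the function and freed only by the `PORT_FreeArena` call near its end. Freeing it before each early return, `if (errlog.arena != NULL) PORT_FreeArena(errlog.arena, PR_FALSE);`, keeps the error paths consistent with the normal exit. The removed `if (rv) return -1;` had the same leak, so this is not a regression, but these returns are the natural place to fix it. The function begins and ends outside this hunk.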
@@ -136,41 +143,43 @@ ListCerts(char *key, int list_certs)
 			} else {
 				PR_fprintf(outputFD, "This certificate is not expired.\n");
 			}
 
 			rv = CERT_VerifyCert (db, cert, PR_TRUE,
 			certUsageObjectSigner, PR_Now(), NULL, &errlog);
 
 			if (rv != SECSuccess) {
+				failed = 1;
 				if(errlog.count > 0) {
 					PR_fprintf(outputFD,
 						"**Certificate validation failed for the "
 					 "following reason(s):**\n");
 				} else {
 					PR_fprintf(outputFD, "**Certificate validation failed**");
 				}
 			} else {
 				PR_fprintf(outputFD, "This certificate is valid.\n");
 			}
 			displayVerifyLog(&errlog);
 
 
 		} else {
+			failed = 1;
 			PR_fprintf(outputFD,
 				"The certificate with nickname \"%s\" was NOT FOUND\n",
 			 key);
 		}
     }
 
 	if(errlog.arena != NULL) {
 		PORT_FreeArena(errlog.arena, PR_FALSE);
 	}
 
-	if (rv != SECSuccess) {
+	if (failed) {
 		return -1;
 	}
 	return 0;
 }
 
 /********************************************************************
  *
  * c e r t _ t r a v _ c a l l b a c k
--- a/security/nss/cmd/signtool/sign.c
+++ b/security/nss/cmd/signtool/sign.c
@@ -163,16 +163,18 @@ sign_all_arc_fn(char *relpath, char *bas
 	SignArcInfo *infop = (SignArcInfo*)arg;
 
 	/* Make sure there is one and only one ".arc" in the relative path, 
 	 * and that it is at the end of the path (don't sign .arcs within .arcs) */
 	if ( (PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) - 4) &&
 		 (PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4) ) {
 
 		if(!infop) {
+			PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
+			errorCount++;
 			retval = -1;
 			goto finish;
 		}
 		archive = PR_smprintf("%s/%s", basedir, relpath);
 
 		zipfile = PL_strdup(archive);
 		arc = PORT_Strrchr (zipfile, '.');
 
--- a/security/nss/cmd/signtool/verify.c
+++ b/security/nss/cmd/signtool/verify.c
@@ -69,16 +69,17 @@ VerifyJar(char *filename)
 
   JAR_set_callback (JAR_CB_SIGNAL, jar, jar_cb);
 
 
   status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
 
   if (status < 0 || jar->valid < 0)
     {
+    failed = 1;
     PR_fprintf(outputFD, "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename);
     if (status < 0)
       {
       char *errtext;
 
       if (status >= JAR_BASE && status <= JAR_BASE_END)
         {
         errtext = JAR_get_error (status);
@@ -88,17 +89,17 @@ VerifyJar(char *filename)
         errtext = SECU_ErrorString ((int16) PORT_GetError());
         }
 
       PR_fprintf(outputFD, "  (reported reason: %s)\n\n", errtext);
  
       /* corrupt files should not have their contents listed */ 
 
       if (status == JAR_ERR_CORRUPT)
-        return status;
+        return -1;
       }
     PR_fprintf(outputFD,
 		"entries shown below will have their digests checked only.\n"); 
     jar->valid = 0;
     }
   else
     PR_fprintf(outputFD,
 		"archive \"%s\" has passed crypto verification.\n", filename);
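Review bot: The early `return -1;` in the `status == JAR_ERR_CORRUPT` branch leaves VerifyJar without calling `JAR_destroy (jar)`, which the normal exit path (visible in the next hunk) does call, so the archive handle appears to be leaked on the corrupt-file path. Releasing it first keeps the two exits consistent: `if (status == JAR_ERR_CORRUPT) { JAR_destroy (jar); return -1; }`. The creation of `jar` is outside this hunk, so confirm nothing else owns it before applying.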
@@ -135,27 +136,26 @@ VerifyJar(char *filename)
         PR_fprintf(outputFD, "      (reason: %s)\n", JAR_get_error (ret));
       }
     }
 
   JAR_find_end (ctx);
 
   if (status < 0 || jar->valid < 0)
     {
+    failed = 1;
     PR_fprintf(outputFD,
 		"\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename);
     give_help (status);
     }
 
   JAR_destroy (jar);
 
-  if (status < 0)
-    return status;
-  if (jar->valid < 0 || failed)
-    return ERRX;
+  if (failed)
+    return -1;
   return 0;
 }
 
 /***************************************************************************
  *
  * v e r i f y _ g l o b a l
  */
 static int
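Review bot: The final `if (failed) return -1;` deserves a one-line comment saying why the result comes from the local flag. The lines it replaces read `jar->valid` after `JAR_destroy (jar)`, presumably after the object had been released, and nothing in the new code warns a later editor against reintroducing that read. Something like `/* jar is destroyed above: decide from 'failed', never from jar->valid */` directly above the test would do. The function's header comment (outside this hunk) should also say that VerifyJar now returns only 0 or -1, since callers can no longer see the JAR status code.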
@@ -350,17 +350,20 @@ JarWho(char *filename)
       if (cert->nickname) 
         PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
       if (cert->subjectName)
         PR_fprintf(outputFD, "subject name: %s\n", cert->subjectName);
       if (cert->issuerName)
         PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
       }
     else
+      {
       PR_fprintf(outputFD, "no certificate could be found\n");
+      retval = -1;
+      }
 
     prev = cert;
     }
 
   JAR_find_end (ctx);
 
   JAR_destroy (jar);
   return retval;
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -628,17 +628,17 @@ int main(int argc, char **argv)
 		PRINTF("%s: Writing %d bytes to server\n", progName, nb);
 		do {
 		    PRInt32 cc = PR_Write(s, bufp, nb);
 		    if (cc < 0) {
 		    	PRErrorCode err = PR_GetError();
 			if (err != PR_WOULD_BLOCK_ERROR) {
 			    SECU_PrintError(progName, 
 			                    "write to SSL socket failed");
-			    error=2;
+			    error=254;
 			    goto done;
 			}
 			cc = 0;
 		    }
 		    bufp += cc;
 		    nb   -= cc;
 		    if (nb <= 0) 
 		    	break;
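Review bot: `error=254;` is a bare magic number: nothing at the assignment says why a failed write to the SSL socket maps to 254 or what depends on that value. A named constant, or at least a comment such as `/* 254 = write to SSL socket failed */`, would make the contract visible. The `done:` label and whatever turns `error` into the program's result are outside this hunk, so check that no other failure path reuses the same value.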
--- a/security/nss/lib/certdb/pcertdb.c
+++ b/security/nss/lib/certdb/pcertdb.c
@@ -7193,16 +7193,23 @@ CERT_SaveImportedCert(CERTCertificate *c
 		trust.emailFlags = CERTDB_VALID_PEER;
 	    }
 	    
 	    if ( certtype & NS_CERT_TYPE_OBJECT_SIGNING ) {
 		trust.objectSigningFlags = CERTDB_VALID_PEER;
 	    }
 	}
 	break;
+      case certUsageAnyCA:
+	trust.sslFlags = CERTDB_VALID_CA;
+	break;
+      case certUsageSSLCA:
+	trust.sslFlags = CERTDB_VALID_CA | 
+			CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;
+	break;
       default:	/* XXX added to quiet warnings; no other cases needed? */
 	break;
     }
 
     if ( saveit ) {
 	if ( cert->isperm ) {
 	    /* Cert already in the DB.  Just adjust flags */
 	    tmptrust = *cert->trust;
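Review bot: The new `certUsageSSLCA` case sets `CERTDB_VALID_CA | CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA` unconditionally, while the case just above it only sets flags after testing `certtype`. Nothing in the hunk checks that the certificate being imported is actually a CA before it becomes a trust anchor for SSL server and client authentication. If the callers do not already guarantee that, gate the assignment, e.g. `if ( certtype & NS_CERT_TYPE_SSL_CA ) { ... }`, and either way add a comment stating who is responsible for the check. `certUsageAnyCA` touches only `sslFlags`, which looks narrower than its name suggests and deserves a comment too. The switch header and the computation of `certtype` and `saveit` are outside the hunk.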
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -1551,25 +1551,46 @@ done:
 
 loser:
     return(NULL);
 }
 
 CERTCertList *
 CERT_GetCertChainFromCert(CERTCertificate *cert, int64 time, SECCertUsage usage)
 {
-    CERTCertList *chain;
+    CERTCertList *chain = NULL;
+
+    if (NULL == cert) {
+        return NULL;
+    }
+    
+    cert = CERT_DupCertificate(cert);
+    if (NULL == cert) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    chain = CERT_NewCertList();
+    if (NULL == chain) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
 
-    if (cert != NULL) {
-	chain = CERT_NewCertList();
-	cert = CERT_DupCertificate(cert);
-	while (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject) 
-	       != SECEqual) {
-	    CERT_AddCertToListTail(chain, cert);
-	    cert = CERT_FindCertIssuer(cert, time, usage);
+    while (cert != NULL) {
+	if (SECSuccess != CERT_AddCertToListTail(chain, cert)) {
+            /* return partial chain */
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            return chain;
+        }
+
+	if (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject)
+	    == SECEqual) {
+            /* return complete chain */
+	    return chain;
 	}
-	CERT_AddCertToListTail(chain, cert);
-	return chain;
+
+	cert = CERT_FindCertIssuer(cert, time, usage);
     }
-    return NULL;
+
+    /* return partial chain */
+    PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
+    return chain;
 }
-
-
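Review bot: In the rewritten CERT_GetCertChainFromCert, the reference taken by `CERT_DupCertificate(cert)` is dropped on two error paths: when `CERT_NewCertList()` returns NULL, and when `CERT_AddCertToListTail` fails for a certificate that is then presumably not owned by the list. Both branches should call `CERT_DestroyCertificate(cert);` before returning. Separately, a non-NULL return can now be either a complete or a partial chain, distinguished only by the error code, and the success path does not clear a stale error. A caller that treats non-NULL as a chain ending in a self-issued root could therefore act on an incomplete one, so the header comment should spell this contract out. The loop also has no depth limit, so it relies on `CERT_FindCertIssuer` never producing a cycle, which cannot be verified from this hunk.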
--- a/security/nss/lib/certhigh/ocsp.c
+++ b/security/nss/lib/certhigh/ocsp.c
@@ -3699,16 +3699,22 @@ CERT_SetOCSPDefaultResponder(CERTCertDBH
     /*
      * Find the certificate for the specified nickname.  Do this first
      * because it seems the most likely to fail.
      *
      * XXX Shouldn't need that cast if the FindCertByNickname interface
      * used const to convey that it does not modify the name.  Maybe someday.
      */
     cert = CERT_FindCertByNickname(handle, (char *) name);
+    if (cert == NULL) {
+      /*
+       * look for the cert on an external token.
+       */
+      cert = PK11_FindCertFromNickname(name, NULL);
+    }
     if (cert == NULL)
 	return SECFailure;
 
     /*
      * Make a copy of the url and nickname.
      */
     url_copy = PORT_Strdup(url);
     name_copy = PORT_Strdup(name);
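Review bot: The fallback `PK11_FindCertFromNickname(name, NULL)` widens where the default OCSP responder certificate can come from, but nothing documents the lookup precedence or the NULL second argument. The same fallback is repeated in CERT_EnableOCSPDefaultResponder in the next hunk. Because this certificate is the one whose signature on OCSP responses will be accepted, I would put the two-step lookup in one static helper with a comment such as `/* permanent DB first, then external tokens; no window context is passed */`. In the next hunk the existing comment "We should never have trouble finding the cert" and the `PORT_Assert(cert != NULL)` no longer obviously hold, since a certificate found on an external token at set time may be absent at enable time; that comment should be updated. CERT_SetOCSPDefaultResponder starts and ends outside this hunk.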
@@ -3826,16 +3832,20 @@ CERT_EnableOCSPDefaultResponder(CERTCert
 	return SECFailure;
     }
 
     /*
      * Find the cert for the nickname.
      */
     cert = CERT_FindCertByNickname(handle,
 				   statusContext->defaultResponderNickname);
+    if (cert == NULL) {
+        cert = PK11_FindCertFromNickname(statusContext->defaultResponderNickname,
+                                         NULL);
+    }
     /*
      * We should never have trouble finding the cert, because its
      * existence should have been proven by SetOCSPDefaultResponder.
      */
     PORT_Assert(cert != NULL);
     if (cert == NULL)
 	return SECFailure;
 
--- a/security/nss/lib/ckfw/builtins/certdata.c
+++ b/security/nss/lib/ckfw/builtins/certdata.c
@@ -585,25 +585,37 @@ static const CK_ATTRIBUTE_TYPE nss_built
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
 };
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_178 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
 };
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_179 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
 };
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_180 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_181 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_182 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_183 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
+};
 #ifdef DEBUG
 static const NSSItem nss_builtins_items_0 [] = {
   { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"CVS ID", (PRUint32)7 },
   { (void *)"NSS", (PRUint32)4 },
-  { (void *)"@(#) $RCSfile$ $Revision$ $Date$ $Name$""; @(#) $RCSfile$ $Revision$ $Date$ $Name$", (PRUint32)178 }
+  { (void *)"@(#) $RCSfile$ $Revision$ $Date$ $Name$""; @(#) $RCSfile$ $Revision$ $Date$ $Name$", (PRUint32)179 }
 };
 #endif /* DEBUG */
 static const NSSItem nss_builtins_items_1 [] = {
   { (void *)&cko_netscape_builtin_root_list, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Mozilla Builtin Roots", (PRUint32)22 }
@@ -3508,160 +3520,16 @@ static const NSSItem nss_builtins_items_
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
 static const NSSItem nss_builtins_items_60 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"E-Certify Internet ID", (PRUint32)22 },
-  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
-  { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061"
-"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
-"\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123"
-"\101\040\107\157\154\144\040\103\154\151\145\156\164\061\046\060"
-"\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146"
-"\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\103"
-"\154\151\145\156\164"
-, (PRUint32)101 },
-  { (void *)"0", (PRUint32)2 },
-  { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061"
-"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
-"\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123"
-"\101\040\107\157\154\144\040\103\154\151\145\156\164\061\046\060"
-"\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146"
-"\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\103"
-"\154\151\145\156\164"
-, (PRUint32)101 },
-  { (void *)"\002"
-, (PRUint32)1 },
-  { (void *)"\060\202\001\312\060\202\001\164\240\003\002\001\002\002\001\002"
-"\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060"
-"\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061\022"
-"\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164\151"
-"\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123\101"
-"\040\107\157\154\144\040\103\154\151\145\156\164\061\046\060\044"
-"\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146\171"
-"\040\122\123\101\040\065\061\062\040\107\157\154\144\040\103\154"
-"\151\145\156\164\060\036\027\015\071\070\061\060\061\066\061\063"
-"\063\064\060\070\132\027\015\060\063\061\060\061\066\061\063\063"
-"\064\060\070\132\060\143\061\013\060\011\006\003\125\004\006\023"
-"\002\103\101\061\022\060\020\006\003\125\004\012\023\011\105\055"
-"\103\145\162\164\151\146\171\061\030\060\026\006\003\125\004\013"
-"\023\017\122\123\101\040\107\157\154\144\040\103\154\151\145\156"
-"\164\061\046\060\044\006\003\125\004\003\023\035\105\055\103\145"
-"\162\164\151\146\171\040\122\123\101\040\065\061\062\040\107\157"
-"\154\144\040\103\154\151\145\156\164\060\134\060\015\006\011\052"
-"\206\110\206\367\015\001\001\001\005\000\003\113\000\060\110\002"
-"\101\000\160\011\304\365\211\211\115\310\243\362\300\037\344\175"
-"\360\374\172\310\202\314\146\011\305\051\323\135\010\324\351\350"
-"\377\137\031\300\373\334\252\217\060\014\076\332\205\167\117\170"
-"\300\317\075\126\311\263\365\203\226\110\356\220\237\254\016\002"
-"\316\071\002\003\001\000\001\243\023\060\021\060\017\006\003\125"
-"\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006\011"
-"\052\206\110\206\367\015\001\001\004\005\000\003\101\000\035\222"
-"\327\114\344\014\326\373\112\075\351\341\302\037\000\367\121\374"
-"\361\076\370\312\304\361\043\210\217\320\116\177\247\214\173\177"
-"\004\102\133\367\046\132\264\343\121\162\110\045\125\317\157\360"
-"\377\003\313\301\331\031\000\364\370\371\364\273\030\126"
-, (PRUint32)462 }
-};
-static const NSSItem nss_builtins_items_61 [] = {
-  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"E-Certify Internet ID", (PRUint32)22 },
-  { (void *)"\077\065\017\377\111\047\260\141\105\312\101\073\101\244\215\235"
-"\044\315\125\035"
-, (PRUint32)20 },
-  { (void *)"\374\012\336\152\227\076\143\333\122\302\131\003\010\060\141\042"
-, (PRUint32)16 },
-  { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
-};
-static const NSSItem nss_builtins_items_62 [] = {
-  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"E-Certify Commerce ID", (PRUint32)22 },
-  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
-  { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061"
-"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
-"\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123"
-"\101\040\107\157\154\144\040\123\145\162\166\145\162\061\046\060"
-"\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146"
-"\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\123"
-"\145\162\166\145\162"
-, (PRUint32)101 },
-  { (void *)"0", (PRUint32)2 },
-  { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061"
-"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
-"\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123"
-"\101\040\107\157\154\144\040\123\145\162\166\145\162\061\046\060"
-"\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146"
-"\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\123"
-"\145\162\166\145\162"
-, (PRUint32)101 },
-  { (void *)"\001"
-, (PRUint32)1 },
-  { (void *)"\060\202\001\312\060\202\001\164\240\003\002\001\002\002\001\001"
-"\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060"
-"\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061\022"
-"\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164\151"
-"\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123\101"
-"\040\107\157\154\144\040\123\145\162\166\145\162\061\046\060\044"
-"\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146\171"
-"\040\122\123\101\040\065\061\062\040\107\157\154\144\040\123\145"
-"\162\166\145\162\060\036\027\015\071\070\061\060\061\066\061\063"
-"\063\067\065\063\132\027\015\060\063\061\060\061\066\061\063\063"
-"\067\065\063\132\060\143\061\013\060\011\006\003\125\004\006\023"
-"\002\103\101\061\022\060\020\006\003\125\004\012\023\011\105\055"
-"\103\145\162\164\151\146\171\061\030\060\026\006\003\125\004\013"
-"\023\017\122\123\101\040\107\157\154\144\040\123\145\162\166\145"
-"\162\061\046\060\044\006\003\125\004\003\023\035\105\055\103\145"
-"\162\164\151\146\171\040\122\123\101\040\065\061\062\040\107\157"
-"\154\144\040\123\145\162\166\145\162\060\134\060\015\006\011\052"
-"\206\110\206\367\015\001\001\001\005\000\003\113\000\060\110\002"
-"\101\000\315\125\017\167\022\376\363\200\326\211\001\035\131\356"
-"\000\262\165\116\246\223\055\136\374\036\004\155\215\115\261\333"
-"\137\262\053\124\365\301\013\252\016\156\104\220\317\003\215\047"
-"\010\063\336\073\050\245\326\122\171\067\310\136\221\312\211\002"
-"\111\027\002\003\001\000\001\243\023\060\021\060\017\006\003\125"
-"\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006\011"
-"\052\206\110\206\367\015\001\001\004\005\000\003\101\000\164\365"
-"\045\172\071\347\203\020\377\011\173\160\316\054\326\166\341\117"
-"\174\064\172\210\005\060\362\007\213\021\244\071\215\164\173\246"
-"\373\172\346\340\006\055\316\160\161\033\230\104\112\023\274\365"
-"\267\026\213\174\211\264\022\023\032\344\321\016\163\052"
-, (PRUint32)462 }
-};
-static const NSSItem nss_builtins_items_63 [] = {
-  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"E-Certify Commerce ID", (PRUint32)22 },
-  { (void *)"\077\025\014\145\325\170\211\025\237\031\377\341\041\331\311\115"
-"\150\032\031\205"
-, (PRUint32)20 },
-  { (void *)"\265\302\221\035\163\344\353\371\326\123\300\004\343\077\243\215"
-, (PRUint32)16 },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
-};
-static const NSSItem nss_builtins_items_64 [] = {
-  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 1 Public Primary Certification Authority", (PRUint32)56 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151"
 "\147\156\054\040\111\156\143\056\061\067\060\065\006\003\125\004"
 "\013\023\056\103\154\141\163\163\040\061\040\120\165\142\154\151"
 "\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146"
 "\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164"
@@ -3713,32 +3581,32 @@ static const NSSItem nss_builtins_items_
 "\220\222\166\371\342\274\112\351\217\315\240\200\012\367\305\051"
 "\361\202\042\135\270\261\335\201\043\243\173\045\025\106\060\171"
 "\026\370\352\005\113\224\177\035\302\034\310\343\267\364\020\100"
 "\074\023\303\137\037\123\350\110\344\206\264\173\241\065\260\173"
 "\045\272\270\323\216\253\077\070\235\000\064\000\230\363\321\161"
 "\224"
 , (PRUint32)577 }
 };
-static const NSSItem nss_builtins_items_65 [] = {
+static const NSSItem nss_builtins_items_61 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 1 Public Primary Certification Authority", (PRUint32)56 },
   { (void *)"\220\256\242\151\205\377\024\200\114\103\111\122\354\351\140\204"
 "\167\257\125\157"
 , (PRUint32)20 },
   { (void *)"\227\140\350\127\137\323\120\107\345\103\014\224\066\212\260\142"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_66 [] = {
+static const NSSItem nss_builtins_items_62 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 2 Public Primary Certification Authority", (PRUint32)56 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151"
@@ -3792,32 +3660,32 @@ static const NSSItem nss_builtins_items_
 "\047\312\105\122\316\026\357\077\006\144\347\224\150\174\140\063"
 "\025\021\151\257\235\142\215\243\003\124\153\246\276\345\356\005"
 "\030\140\004\277\102\200\375\320\250\250\036\001\073\367\243\134"
 "\257\243\334\346\046\200\043\074\270\104\164\367\012\256\111\213"
 "\141\170\314\044\277\210\212\247\016\352\163\031\101\375\115\003"
 "\360\210\321\345\170\215\245\052\117\366\227\015\027\167\312\330"
 , (PRUint32)576 }
 };
-static const NSSItem nss_builtins_items_67 [] = {
+static const NSSItem nss_builtins_items_63 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 2 Public Primary Certification Authority", (PRUint32)56 },
   { (void *)"\147\202\252\340\355\356\342\032\130\071\323\300\315\024\150\012"
 "\117\140\024\052"
 , (PRUint32)20 },
   { (void *)"\263\234\045\261\303\056\062\123\200\025\060\235\115\002\167\076"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_68 [] = {
+static const NSSItem nss_builtins_items_64 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 3 Public Primary Certification Authority", (PRUint32)56 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151"
@@ -3871,32 +3739,32 @@ static const NSSItem nss_builtins_items_
 "\225\274\035\217\154\054\250\121\314\163\330\244\300\123\360\116"
 "\326\046\300\166\001\127\201\222\136\041\361\321\261\377\347\320"
 "\041\130\315\151\027\343\104\034\234\031\104\071\211\134\334\234"
 "\000\017\126\215\002\231\355\242\220\105\114\344\273\020\244\075"
 "\360\062\003\016\361\316\370\350\311\121\214\346\142\237\346\237"
 "\300\175\267\162\234\311\066\072\153\237\116\250\377\144\015\144"
 , (PRUint32)576 }
 };
-static const NSSItem nss_builtins_items_69 [] = {
+static const NSSItem nss_builtins_items_65 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 3 Public Primary Certification Authority", (PRUint32)56 },
   { (void *)"\164\054\061\222\346\007\344\044\353\105\111\124\053\341\273\305"
 "\076\141\164\342"
 , (PRUint32)20 },
   { (void *)"\020\374\143\135\366\046\076\015\363\045\276\137\171\315\147\147"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_70 [] = {
+static const NSSItem nss_builtins_items_66 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 1 Public Primary Certification Authority - G2", (PRUint32)61 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123"
@@ -3975,32 +3843,32 @@ static const NSSItem nss_builtins_items_
 "\261\135\363\307\266\012\333\340\025\223\015\335\003\274\307\166"
 "\212\265\335\117\303\233\023\165\270\001\300\346\311\133\153\245"
 "\270\211\334\254\244\335\162\355\116\241\367\117\274\006\323\352"
 "\310\144\164\173\302\225\101\234\145\163\130\361\220\232\074\152"
 "\261\230\311\304\207\274\317\105\155\105\342\156\042\077\376\274"
 "\017\061\134\350\362\331"
 , (PRUint32)774 }
 };
-static const NSSItem nss_builtins_items_71 [] = {
+static const NSSItem nss_builtins_items_67 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 1 Public Primary Certification Authority - G2", (PRUint32)61 },
   { (void *)"\047\076\341\044\127\375\304\371\014\125\350\053\126\026\177\142"
 "\365\062\345\107"
 , (PRUint32)20 },
   { (void *)"\333\043\075\371\151\372\113\271\225\200\104\163\136\175\101\203"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_72 [] = {
+static const NSSItem nss_builtins_items_68 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 2 Public Primary Certification Authority - G2", (PRUint32)61 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123"
@@ -4080,32 +3948,32 @@ static const NSSItem nss_builtins_items_
 "\225\366\044\140\206\115\104\056\203\245\304\055\240\323\256\170"
 "\151\157\162\332\154\256\010\360\143\222\067\346\273\304\060\027"
 "\255\167\314\111\065\252\317\330\217\321\276\267\030\226\107\163"
 "\152\124\042\064\144\055\266\026\233\131\133\264\121\131\072\263"
 "\013\024\364\022\337\147\240\364\255\062\144\136\261\106\162\047"
 "\214\022\173\305\104\264\256"
 , (PRUint32)775 }
 };
-static const NSSItem nss_builtins_items_73 [] = {
+static const NSSItem nss_builtins_items_69 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 2 Public Primary Certification Authority - G2", (PRUint32)61 },
   { (void *)"\263\352\304\107\166\311\310\034\352\362\235\225\266\314\240\010"
 "\033\147\354\235"
 , (PRUint32)20 },
   { (void *)"\055\273\345\045\323\321\145\202\072\267\016\372\346\353\342\341"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_74 [] = {
+static const NSSItem nss_builtins_items_70 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 3 Public Primary Certification Authority - G2", (PRUint32)61 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123"
@@ -4184,32 +4052,32 @@ static const NSSItem nss_builtins_items_
 "\141\222\137\246\304\035\020\141\066\323\054\047\074\350\051\011"
 "\271\021\144\164\314\265\163\237\034\110\251\274\141\001\356\342"
 "\027\246\014\343\100\010\073\016\347\353\104\163\052\232\361\151"
 "\222\357\161\024\303\071\254\161\247\221\011\157\344\161\006\263"
 "\272\131\127\046\171\000\366\370\015\242\063\060\050\324\252\130"
 "\240\235\235\151\221\375"
 , (PRUint32)774 }
 };
-static const NSSItem nss_builtins_items_75 [] = {
+static const NSSItem nss_builtins_items_71 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 3 Public Primary Certification Authority - G2", (PRUint32)61 },
   { (void *)"\205\067\034\246\345\120\024\075\316\050\003\107\033\336\072\011"
 "\350\370\167\017"
 , (PRUint32)20 },
   { (void *)"\242\063\233\114\164\170\163\324\154\347\301\363\215\313\134\351"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_76 [] = {
+static const NSSItem nss_builtins_items_72 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 4 Public Primary Certification Authority - G2", (PRUint32)61 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123"
@@ -4288,32 +4156,32 @@ static const NSSItem nss_builtins_items_
 "\104\133\267\237\201\073\222\150\075\342\067\044\365\173\154\217"
 "\166\065\226\011\250\131\235\271\316\043\253\164\326\203\375\062"
 "\163\047\330\151\076\103\164\366\256\305\211\232\347\123\174\351"
 "\173\366\113\363\301\145\203\336\215\212\234\074\210\215\071\131"
 "\374\252\077\042\215\241\301\146\120\201\162\114\355\042\144\117"
 "\117\312\200\221\266\051"
 , (PRUint32)774 }
 };
-static const NSSItem nss_builtins_items_77 [] = {
+static const NSSItem nss_builtins_items_73 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 4 Public Primary Certification Authority - G2", (PRUint32)61 },
   { (void *)"\013\167\276\273\313\172\242\107\005\336\314\017\275\152\002\374"
 "\172\275\233\122"
 , (PRUint32)20 },
   { (void *)"\046\155\054\031\230\266\160\150\070\120\124\031\354\220\064\140"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_78 [] = {
+static const NSSItem nss_builtins_items_74 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"GlobalSign Root CA", (PRUint32)19 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\127\061\013\060\011\006\003\125\004\006\023\002\102\105\061"
 "\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154"
@@ -4385,32 +4253,32 @@ static const NSSItem nss_builtins_items_
 "\257\010\260\141\064\214\323\230\251\103\064\366\017\207\051\073"
 "\235\302\126\130\230\167\303\367\033\254\366\235\370\076\252\247"
 "\124\105\360\365\371\325\061\145\376\153\130\234\161\263\036\327"
 "\122\352\062\027\374\100\140\035\311\171\044\262\366\154\375\250"
 "\146\016\202\335\230\313\332\302\104\117\056\240\173\362\367\153"
 "\054\166\021\204\106\212\170\243\343"
 , (PRUint32)889 }
 };
-static const NSSItem nss_builtins_items_79 [] = {
+static const NSSItem nss_builtins_items_75 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"GlobalSign Root CA", (PRUint32)19 },
   { (void *)"\057\027\077\175\351\226\147\257\245\172\370\012\242\321\261\057"
 "\254\203\003\070"
 , (PRUint32)20 },
   { (void *)"\253\277\352\343\153\051\246\314\246\170\065\231\357\255\053\200"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_80 [] = {
+static const NSSItem nss_builtins_items_76 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"GlobalSign Partners CA", (PRUint32)23 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\102\105\061"
 "\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154"
@@ -4486,32 +4354,32 @@ static const NSSItem nss_builtins_items_
 "\161\054\353\040\031\325\301\260\354\075\345\157\355\002\007\077"
 "\023\173\146\222\326\104\301\230\367\137\120\213\172\133\302\157"
 "\155\260\321\370\345\164\240\100\067\243\045\017\344\075\312\144"
 "\061\223\220\134\060\173\271\071\061\232\136\114\315\271\101\117"
 "\120\344\075\070\256\310\146\331\307\073\135\121\107\254\233\253"
 "\362\255"
 , (PRUint32)930 }
 };
-static const NSSItem nss_builtins_items_81 [] = {
+static const NSSItem nss_builtins_items_77 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"GlobalSign Partners CA", (PRUint32)23 },
   { (void *)"\204\304\217\000\351\221\354\336\333\264\030\251\213\357\241\172"
 "\107\355\162\230"
 , (PRUint32)20 },
   { (void *)"\074\165\315\114\275\251\320\212\171\117\120\026\067\204\364\053"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_82 [] = {
+static const NSSItem nss_builtins_items_78 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"GlobalSign Primary Class 1 CA", (PRUint32)30 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\155\061\013\060\011\006\003\125\004\006\023\002\102\105\061"
 "\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154"
@@ -4587,32 +4455,32 @@ static const NSSItem nss_builtins_items_
 "\243\046\007\267\307\153\135\274\202\325\052\110\035\143\317\120"
 "\062\246\373\034\030\107\025\012\133\014\134\070\044\232\004\230"
 "\250\010\110\137\174\064\207\143\253\055\215\114\000\167\224\033"
 "\166\272\365\026\030\243\025\257\057\224\366\051\000\166\301\025"
 "\027\323\351\067\115\166\324\313\113\051\131\044\254\332\112\240"
 "\352\143\336\137\124\261\372\363\321\105\313\305\144\264\163\041"
 , (PRUint32)944 }
 };
-static const NSSItem nss_builtins_items_83 [] = {
+static const NSSItem nss_builtins_items_79 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"GlobalSign Primary Class 1 CA", (PRUint32)30 },
   { (void *)"\353\061\124\315\041\226\363\125\022\053\211\147\267\163\002\102"
 "\355\321\336\113"
 , (PRUint32)20 },
   { (void *)"\134\254\131\001\244\206\123\313\020\146\265\326\326\161\377\001"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_84 [] = {
+static const NSSItem nss_builtins_items_80 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"GlobalSign Primary Class 2 CA", (PRUint32)30 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\155\061\013\060\011\006\003\125\004\006\023\002\102\105\061"
 "\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154"
@@ -4688,32 +4556,32 @@ static const NSSItem nss_builtins_items_
 "\062\377\136\076\160\214\267\250\025\314\027\302\377\106\354\320"
 "\354\055\264\156\022\050\251\371\100\351\353\324\146\227\123\251"
 "\151\125\300\251\252\262\056\315\321\151\364\276\370\273\174\151"
 "\356\124\246\333\236\373\132\246\076\376\232\357\224\121\113\165"
 "\356\330\324\341\232\361\002\126\023\211\016\247\102\213\226\213"
 "\205\014\033\205\276\046\256\253\246\231\274\042\361\163\337\102"
 , (PRUint32)944 }
 };
-static const NSSItem nss_builtins_items_85 [] = {
+static const NSSItem nss_builtins_items_81 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"GlobalSign Primary Class 2 CA", (PRUint32)30 },
   { (void *)"\203\376\336\325\161\343\226\317\307\144\367\073\337\026\166\207"
 "\162\305\037\314"
 , (PRUint32)20 },
   { (void *)"\251\251\102\131\176\276\132\224\344\054\306\213\034\052\104\266"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_86 [] = {
+static const NSSItem nss_builtins_items_82 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"GlobalSign Primary Class 3 CA", (PRUint32)30 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\155\061\013\060\011\006\003\125\004\006\023\002\102\105\061"
 "\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154"
@@ -4789,32 +4657,32 @@ static const NSSItem nss_builtins_items_
 "\071\313\022\052\347\251\173\137\230\075\243\341\314\246\143\211"
 "\134\175\061\165\371\325\326\135\362\320\324\075\337\236\161\250"
 "\016\334\344\040\227\170\346\177\123\244\015\121\117\216\073\003"
 "\256\243\015\132\115\303\171\347\065\130\160\102\311\136\241\136"
 "\264\331\042\243\104\123\065\244\320\317\163\200\305\317\237\126"
 "\230\166\371\024\114\167\207\202\311\334\176\135\064\325\066\165"
 , (PRUint32)944 }
 };
-static const NSSItem nss_builtins_items_87 [] = {
+static const NSSItem nss_builtins_items_83 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"GlobalSign Primary Class 3 CA", (PRUint32)30 },
   { (void *)"\164\003\311\063\110\252\304\367\016\051\364\320\025\022\364\106"
 "\111\017\165\214"
 , (PRUint32)20 },
   { (void *)"\230\022\243\113\225\251\226\144\224\347\120\214\076\341\203\132"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_88 [] = {
+static const NSSItem nss_builtins_items_84 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"ValiCert Class 1 VA", (PRUint32)20 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\273\061\044\060\042\006\003\125\004\007\023\033\126\141"
 "\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157"
@@ -4889,32 +4757,32 @@ static const NSSItem nss_builtins_items_
 "\322\265\247\122\376\234\261\266\342\133\167\027\100\352\162\326"
 "\043\313\050\201\062\303\000\171\030\354\131\027\211\311\306\152"
 "\036\161\311\375\267\164\245\045\105\151\305\110\253\031\341\105"
 "\212\045\153\031\356\345\273\022\365\177\367\246\215\121\303\360"
 "\235\164\267\251\076\240\245\377\266\111\003\023\332\042\314\355"
 "\161\202\053\231\317\072\267\365\055\162\310"
 , (PRUint32)747 }
 };
-static const NSSItem nss_builtins_items_89 [] = {
+static const NSSItem nss_builtins_items_85 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"ValiCert Class 1 VA", (PRUint32)20 },
   { (void *)"\345\337\164\074\266\001\304\233\230\103\334\253\214\350\152\201"
 "\020\237\344\216"
 , (PRUint32)20 },
   { (void *)"\145\130\253\025\255\127\154\036\250\247\265\151\254\277\377\353"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_90 [] = {
+static const NSSItem nss_builtins_items_86 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"ValiCert Class 2 VA", (PRUint32)20 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\273\061\044\060\042\006\003\125\004\007\023\033\126\141"
 "\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157"
@@ -4989,32 +4857,32 @@ static const NSSItem nss_builtins_items_
 "\250\130\177\241\171\000\265\273\351\215\257\101\331\017\064\356"
 "\041\201\031\240\062\111\050\364\304\216\126\325\122\063\375\120"
 "\325\176\231\154\003\344\311\114\374\313\154\253\146\263\112\041"
 "\214\345\265\014\062\076\020\262\314\154\241\334\232\230\114\002"
 "\133\363\316\271\236\245\162\016\112\267\077\074\346\026\150\370"
 "\276\355\164\114\274\133\325\142\037\103\335"
 , (PRUint32)747 }
 };
-static const NSSItem nss_builtins_items_91 [] = {
+static const NSSItem nss_builtins_items_87 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"ValiCert Class 2 VA", (PRUint32)20 },
   { (void *)"\061\172\052\320\177\053\063\136\365\241\303\116\113\127\350\267"
 "\330\361\374\246"
 , (PRUint32)20 },
   { (void *)"\251\043\165\233\272\111\066\156\061\302\333\362\347\146\272\207"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_92 [] = {
+static const NSSItem nss_builtins_items_88 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"ValiCert Class 3 VA", (PRUint32)20 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\273\061\044\060\042\006\003\125\004\007\023\033\126\141"
 "\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157"
@@ -5089,32 +4957,32 @@ static const NSSItem nss_builtins_items_
 "\076\317\251\124\364\361\330\222\026\214\321\004\313\113\253\311"
 "\237\105\256\074\212\251\260\161\063\135\310\305\127\337\257\250"
 "\065\263\177\211\207\351\350\045\222\270\177\205\172\256\326\274"
 "\036\067\130\052\147\311\221\317\052\201\076\355\306\071\337\300"
 "\076\031\234\031\314\023\115\202\101\265\214\336\340\075\140\010"
 "\040\017\105\176\153\242\177\243\214\025\356"
 , (PRUint32)747 }
 };
-static const NSSItem nss_builtins_items_93 [] = {
+static const NSSItem nss_builtins_items_89 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"ValiCert Class 3 VA", (PRUint32)20 },
   { (void *)"\151\275\214\364\234\323\000\373\131\056\027\223\312\125\152\363"
 "\354\252\065\373"
 , (PRUint32)20 },
   { (void *)"\242\157\123\267\356\100\333\112\150\347\372\030\331\020\113\162"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_94 [] = {
+static const NSSItem nss_builtins_items_90 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Thawte Universal CA Root", (PRUint32)25 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\127\061\017\060\015\006\003\125\004\012\023\006\124\150\141"
 "\167\164\145\061\041\060\037\006\003\125\004\013\023\030\124\150"
@@ -5405,32 +5273,32 @@ static const NSSItem nss_builtins_items_
 "\116\317\253\121\231\161\307\337\176\364\326\317\006\126\031\023"
 "\123\013\155\164\131\110\031\233\123\005\055\235\062\124\323\345"
 "\054\123\213\144\076\324\144\173\343\200\011\024\314\376\026\106"
 "\143\153\161\151\370\371\313\047\366\210\124\274\105\263\316\002"
 "\310\224\356\100\133\371\102\002\302\377\260\330\054\353\050\177"
 "\136\311\046\001\231\247"
 , (PRUint32)4390 }
 };
-static const NSSItem nss_builtins_items_95 [] = {
+static const NSSItem nss_builtins_items_91 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Thawte Universal CA Root", (PRUint32)25 },
   { (void *)"\213\302\212\044\257\373\126\135\350\120\025\173\172\153\157\024"
 "\170\114\220\343"
 , (PRUint32)20 },
   { (void *)"\027\257\161\026\122\173\163\145\042\005\051\050\204\161\235\023"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_96 [] = {
+static const NSSItem nss_builtins_items_92 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 1 Public Primary Certification Authority - G3", (PRUint32)61 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123"
@@ -5527,32 +5395,32 @@ static const NSSItem nss_builtins_items_
 "\245\040\200\151\150\241\117\176\341\153\317\007\101\372\203\216"
 "\274\070\335\260\056\021\261\153\262\102\314\232\274\371\110\042"
 "\171\112\031\017\262\034\076\040\164\331\152\303\276\362\050\170"
 "\023\126\171\117\155\120\352\033\260\265\127\261\067\146\130\043"
 "\363\334\017\337\012\207\304\357\206\005\325\070\024\140\231\243"
 "\113\336\006\226\161\054\362\333\266\037\244\357\077\356"
 , (PRUint32)1054 }
 };
-static const NSSItem nss_builtins_items_97 [] = {
+static const NSSItem nss_builtins_items_93 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 1 Public Primary Certification Authority - G3", (PRUint32)61 },
   { (void *)"\040\102\205\334\367\353\166\101\225\127\216\023\153\324\267\321"
 "\351\216\106\245"
 , (PRUint32)20 },
   { (void *)"\261\107\274\030\127\321\030\240\170\055\354\161\350\052\225\163"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_98 [] = {
+static const NSSItem nss_builtins_items_94 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 2 Public Primary Certification Authority - G3", (PRUint32)61 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123"
@@ -5648,32 +5516,32 @@ static const NSSItem nss_builtins_items_
 "\260\177\373\066\045\332\225\320\361\044\024\027\335\030\200\153"
 "\106\043\071\124\365\216\142\011\004\035\224\220\246\233\346\045"
 "\342\102\105\252\270\220\255\276\010\217\251\013\102\030\224\317"
 "\162\071\341\261\103\340\050\317\267\347\132\154\023\153\111\263"
 "\377\343\030\174\211\213\063\135\254\063\327\247\371\332\072\125"
 "\311\130\020\371\252\357\132\266\317\113\113\337\052"
 , (PRUint32)1053 }
 };
-static const NSSItem nss_builtins_items_99 [] = {
+static const NSSItem nss_builtins_items_95 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 2 Public Primary Certification Authority - G3", (PRUint32)61 },
   { (void *)"\141\357\103\327\177\312\324\141\121\274\230\340\303\131\022\257"
 "\237\353\143\021"
 , (PRUint32)20 },
   { (void *)"\370\276\304\143\042\311\250\106\164\213\270\035\036\112\053\366"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_100 [] = {
+static const NSSItem nss_builtins_items_96 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 3 Public Primary Certification Authority - G3", (PRUint32)61 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123"
@@ -5770,32 +5638,32 @@ static const NSSItem nss_builtins_items_
 "\027\201\053\132\067\311\136\052\364\306\342\241\134\124\233\246"
 "\124\000\317\360\361\301\307\230\060\032\073\066\026\333\243\156"
 "\352\375\255\262\302\332\357\002\107\023\212\300\361\263\061\255"
 "\117\034\341\117\234\257\017\014\235\367\170\015\330\364\065\126"
 "\200\332\267\155\027\217\235\036\201\144\341\376\305\105\272\255"
 "\153\271\012\172\116\117\113\204\356\113\361\175\335\021"
 , (PRUint32)1054 }
 };
-static const NSSItem nss_builtins_items_101 [] = {
+static const NSSItem nss_builtins_items_97 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 3 Public Primary Certification Authority - G3", (PRUint32)61 },
   { (void *)"\023\055\015\105\123\113\151\227\315\262\325\303\071\342\125\166"
 "\140\233\134\306"
 , (PRUint32)20 },
   { (void *)"\315\150\266\247\307\304\316\165\340\035\117\127\104\141\222\011"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_102 [] = {
+static const NSSItem nss_builtins_items_98 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 4 Public Primary Certification Authority - G3", (PRUint32)61 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123"
@@ -5892,32 +5760,32 @@ static const NSSItem nss_builtins_items_
 "\330\325\074\102\035\027\301\022\135\105\070\303\070\363\374\205"
 "\056\203\106\110\262\327\040\137\222\066\217\347\171\017\230\136"
 "\231\350\360\320\244\273\365\123\275\052\316\131\260\257\156\177"
 "\154\273\322\036\000\260\041\355\370\101\142\202\271\330\262\304"
 "\273\106\120\363\061\305\217\001\250\164\353\365\170\047\332\347"
 "\367\146\103\363\236\203\076\040\252\303\065\140\221\316"
 , (PRUint32)1054 }
 };
-static const NSSItem nss_builtins_items_103 [] = {
+static const NSSItem nss_builtins_items_99 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 4 Public Primary Certification Authority - G3", (PRUint32)61 },
   { (void *)"\310\354\214\207\222\151\313\113\253\071\351\215\176\127\147\363"
 "\024\225\163\235"
 , (PRUint32)20 },
   { (void *)"\333\310\362\047\056\261\352\152\051\043\135\376\126\076\063\337"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_104 [] = {
+static const NSSItem nss_builtins_items_100 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Entrust.net Secure Server CA", (PRUint32)29 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\303\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\024\060\022\006\003\125\004\012\023\013\105\156\164\162\165"
@@ -6025,32 +5893,32 @@ static const NSSItem nss_builtins_items_
 "\367\222\276\361\303\325\325\225\152\004\273\054\316\046\066\145"
 "\310\061\306\347\356\077\343\127\165\204\172\021\357\106\117\030"
 "\364\323\230\273\250\207\062\272\162\366\074\342\075\237\327\035"
 "\331\303\140\103\214\130\016\042\226\057\142\243\054\037\272\255"
 "\005\357\253\062\170\207\240\124\163\031\265\134\005\371\122\076"
 "\155\055\105\013\367\012\223\352\355\006\371\262"
 , (PRUint32)1244 }
 };
-static const NSSItem nss_builtins_items_105 [] = {
+static const NSSItem nss_builtins_items_101 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Entrust.net Secure Server CA", (PRUint32)29 },
   { (void *)"\231\246\233\346\032\376\210\153\115\053\202\000\174\270\124\374"
 "\061\176\025\071"
 , (PRUint32)20 },
   { (void *)"\337\362\200\163\314\361\346\141\163\374\365\102\351\305\174\356"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_106 [] = {
+static const NSSItem nss_builtins_items_102 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Entrust.net Secure Personal CA", (PRUint32)31 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\311\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\024\060\022\006\003\125\004\012\023\013\105\156\164\162\165"
@@ -6160,32 +6028,32 @@ static const NSSItem nss_builtins_items_
 "\001\241\113\371\237\045\073\226\312\231\303\076\241\121\034\363"
 "\303\056\104\367\260\147\106\252\222\345\073\332\034\031\024\070"
 "\060\325\342\242\061\045\056\361\354\105\070\355\370\006\130\003"
 "\163\142\260\020\061\217\100\277\144\340\134\076\305\117\037\332"
 "\022\103\377\114\346\006\046\250\233\031\252\104\074\166\262\134"
 "\354"
 , (PRUint32)1265 }
 };
-static const NSSItem nss_builtins_items_107 [] = {
+static const NSSItem nss_builtins_items_103 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Entrust.net Secure Personal CA", (PRUint32)31 },
   { (void *)"\332\171\301\161\021\120\302\064\071\252\053\013\014\142\375\125"
 "\262\371\365\200"
 , (PRUint32)20 },
   { (void *)"\014\101\057\023\133\240\124\365\226\146\055\176\315\016\003\364"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_108 [] = {
+static const NSSItem nss_builtins_items_104 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Entrust.net Premium 2048 Secure Server CA", (PRUint32)42 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
 "\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
@@ -6283,32 +6151,32 @@ static const NSSItem nss_builtins_items_
 "\015\063\333\004\321\346\111\100\023\053\166\373\076\351\234\211"
 "\017\025\316\030\260\205\170\041\117\153\117\016\372\066\147\315"
 "\007\362\377\010\320\342\336\331\277\052\257\270\207\206\041\074"
 "\004\312\267\224\150\177\317\074\351\230\327\070\377\354\300\331"
 "\120\360\056\113\130\256\106\157\320\056\303\140\332\162\125\162"
 "\275\114\105\236\141\272\277\204\201\222\003\321\322\151\174\305"
 , (PRUint32)1120 }
 };
-static const NSSItem nss_builtins_items_109 [] = {
+static const NSSItem nss_builtins_items_105 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Entrust.net Premium 2048 Secure Server CA", (PRUint32)42 },
   { (void *)"\200\035\142\320\173\104\235\134\134\003\134\230\352\141\372\104"
 "\074\052\130\376"
 , (PRUint32)20 },
   { (void *)"\272\041\352\040\326\335\333\217\301\127\213\100\255\241\374\374"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_110 [] = {
+static const NSSItem nss_builtins_items_106 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"ValiCert OCSP Responder", (PRUint32)24 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141"
 "\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157"
@@ -6389,32 +6257,32 @@ static const NSSItem nss_builtins_items_
 "\255\100\227\255\150\275\134\255\123\016\320\246\263\015\254\032"
 "\231\215\252\060\036\317\016\160\377\002\260\167\145\203\315\332"
 "\007\134\122\315\131\273\242\310\342\264\026\203\217\324\225\171"
 "\223\055\350\277\104\223\061\222\060\323\064\064\361\020\373\041"
 "\254\056\364\303\135\144\143\172\231\341\232\253\102\035\110\146"
 "\246\167\067\270\125\074\255\376\145\260\142\351"
 , (PRUint32)844 }
 };
-static const NSSItem nss_builtins_items_111 [] = {
+static const NSSItem nss_builtins_items_107 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"ValiCert OCSP Responder", (PRUint32)24 },
   { (void *)"\133\166\261\274\342\212\360\366\161\221\205\147\046\215\021\151"
 "\017\027\077\163"
 , (PRUint32)20 },
   { (void *)"\325\036\040\137\321\365\035\202\127\010\122\071\035\372\212\255"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_112 [] = {
+static const NSSItem nss_builtins_items_108 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Baltimore CyberTrust Code Signing Root", (PRUint32)39 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\147\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
 "\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
@@ -6491,32 +6359,32 @@ static const NSSItem nss_builtins_items_
 "\310\210\371\362\315\177\276\205\264\104\147\000\120\076\364\046"
 "\003\144\352\167\175\350\136\076\034\067\107\310\326\352\244\363"
 "\066\074\227\302\071\162\005\224\031\045\303\327\067\101\017\301"
 "\037\207\212\375\252\276\351\261\144\127\344\333\222\241\317\341"
 "\111\350\073\037\221\023\132\303\217\331\045\130\111\200\107\017"
 "\306\003\256\254\343\277\267\300\252\052"
 , (PRUint32)938 }
 };
-static const NSSItem nss_builtins_items_113 [] = {
+static const NSSItem nss_builtins_items_109 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Baltimore CyberTrust Code Signing Root", (PRUint32)39 },
   { (void *)"\060\106\330\310\210\377\151\060\303\112\374\315\111\047\010\174"
 "\140\126\173\015"
 , (PRUint32)20 },
   { (void *)"\220\365\050\111\126\321\135\054\260\123\324\113\357\157\220\042"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_114 [] = {
+static const NSSItem nss_builtins_items_110 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Baltimore CyberTrust Root", (PRUint32)26 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
 "\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
@@ -6588,32 +6456,32 @@ static const NSSItem nss_builtins_items_
 "\144\346\037\267\316\360\362\237\056\273\033\267\362\120\210\163"
 "\222\302\342\343\026\215\232\062\002\253\216\030\335\351\020\021"
 "\356\176\065\253\220\257\076\060\224\172\320\063\075\247\145\017"
 "\365\374\216\236\142\317\107\104\054\001\135\273\035\265\062\322"
 "\107\322\070\056\320\376\201\334\062\152\036\265\356\074\325\374"
 "\347\201\035\031\303\044\102\352\143\071\251"
 , (PRUint32)891 }
 };
-static const NSSItem nss_builtins_items_115 [] = {
+static const NSSItem nss_builtins_items_111 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Baltimore CyberTrust Root", (PRUint32)26 },
   { (void *)"\324\336\040\320\136\146\374\123\376\032\120\210\054\170\333\050"
 "\122\312\344\164"
 , (PRUint32)20 },
   { (void *)"\254\266\224\245\234\027\340\327\221\122\233\261\227\006\246\344"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_116 [] = {
+static const NSSItem nss_builtins_items_112 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Baltimore CyberTrust Mobile Commerce Root", (PRUint32)42 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\141\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
 "\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
@@ -6672,32 +6540,32 @@ static const NSSItem nss_builtins_items_
 "\336\030\111\230\320\370\170\273\161\350\215\001\006\325\327\144"
 "\217\224\337\107\376\240\205\151\066\251\057\102\172\150\112\022"
 "\326\213\013\160\104\012\244\004\357\046\210\301\065\161\070\135"
 "\033\133\110\102\360\347\224\034\160\225\064\250\253\365\253\342"
 "\170\255\365\360\122\375\233\352\102\014\350\330\124\276\123\146"
 "\365"
 , (PRUint32)641 }
 };
-static const NSSItem nss_builtins_items_117 [] = {
+static const NSSItem nss_builtins_items_113 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Baltimore CyberTrust Mobile Commerce Root", (PRUint32)42 },
   { (void *)"\264\343\013\234\301\325\356\275\240\040\030\370\271\212\321\377"
 "\151\267\072\161"
 , (PRUint32)20 },
   { (void *)"\353\264\040\035\017\266\161\003\367\304\367\307\244\162\206\350"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_118 [] = {
+static const NSSItem nss_builtins_items_114 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure Global eBusiness CA", (PRUint32)35 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141"
@@ -6755,32 +6623,32 @@ static const NSSItem nss_builtins_items_
 "\147\275\001\257\315\340\161\374\132\317\144\304\340\226\230\320"
 "\243\100\342\001\212\357\047\007\361\145\001\212\104\055\006\145"
 "\165\122\300\206\020\040\041\137\154\153\017\154\256\011\034\257"
 "\362\242\030\064\304\165\244\163\034\361\215\334\357\255\371\263"
 "\166\264\222\277\334\225\020\036\276\313\310\073\132\204\140\031"
 "\126\224\251\125"
 , (PRUint32)660 }
 };
-static const NSSItem nss_builtins_items_119 [] = {
+static const NSSItem nss_builtins_items_115 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure Global eBusiness CA", (PRUint32)35 },
   { (void *)"\176\170\112\020\034\202\145\314\055\341\361\155\107\264\100\312"
 "\331\012\031\105"
 , (PRUint32)20 },
   { (void *)"\217\135\167\006\047\304\230\074\133\223\170\347\327\175\233\314"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_120 [] = {
+static const NSSItem nss_builtins_items_116 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure eBusiness CA 1", (PRUint32)30 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\123\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141"
@@ -6837,32 +6705,32 @@ static const NSSItem nss_builtins_items_
 "\142\040\247\204\113\130\145\361\342\371\225\041\077\365\324\176"
 "\130\036\107\207\124\076\130\241\265\265\370\052\357\161\347\274"
 "\303\366\261\111\106\342\327\240\153\345\126\172\232\047\230\174"
 "\106\142\024\347\311\374\156\003\022\171\200\070\035\110\202\215"
 "\374\027\376\052\226\053\265\142\246\246\075\275\177\222\131\315"
 "\132\052\202\262\067\171"
 , (PRUint32)646 }
 };
-static const NSSItem nss_builtins_items_121 [] = {
+static const NSSItem nss_builtins_items_117 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure eBusiness CA 1", (PRUint32)30 },
   { (void *)"\332\100\030\213\221\211\243\355\356\256\332\227\376\057\235\365"
 "\267\321\212\101"
 , (PRUint32)20 },
   { (void *)"\144\234\357\056\104\374\306\217\122\007\320\121\163\217\313\075"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_122 [] = {
+static const NSSItem nss_builtins_items_118 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure eBusiness CA 2", (PRUint32)30 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\027\060\025\006\003\125\004\012\023\016\105\161\165\151\146\141"
@@ -6927,32 +6795,32 @@ static const NSSItem nss_builtins_items_
 "\321\301\076\123\237\003\104\260\176\113\364\157\344\174\037\347"
 "\342\261\344\270\232\357\303\275\316\336\013\062\064\331\336\050"
 "\355\063\153\304\324\327\075\022\130\253\175\011\055\313\160\365"
 "\023\212\224\241\047\244\326\160\305\155\224\265\311\175\235\240"
 "\322\306\010\111\331\146\233\246\323\364\013\334\305\046\127\341"
 "\221\060\352\315"
 , (PRUint32)804 }
 };
-static const NSSItem nss_builtins_items_123 [] = {
+static const NSSItem nss_builtins_items_119 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure eBusiness CA 2", (PRUint32)30 },
   { (void *)"\071\117\366\205\013\006\276\122\345\030\126\314\020\341\200\350"
 "\202\263\205\314"
 , (PRUint32)20 },
   { (void *)"\252\277\277\144\227\332\230\035\157\306\010\072\225\160\063\312"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_124 [] = {
+static const NSSItem nss_builtins_items_120 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa International Global Root 1", (PRUint32)33 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\115\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057"
@@ -7020,32 +6888,32 @@ static const NSSItem nss_builtins_items_
 "\243\126\143\036\105\066\175\161\276\061\147\164\206\057\331\354"
 "\210\302\040\275\231\115\075\125\005\320\242\132\114\125\042\230"
 "\320\361\165\364\027\372\330\343\376\342\024\340\017\145\372\262"
 "\326\151\054\063\120\311\047\240\254\220\061\113\024\345\353\143"
 "\144\340\075\343\374\022\112\305\226\202\055\332\045\071\376\324"
 "\177\056\101\307\142\110\327\161\105\073\170\222"
 , (PRUint32)860 }
 };
-static const NSSItem nss_builtins_items_125 [] = {
+static const NSSItem nss_builtins_items_121 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa International Global Root 1", (PRUint32)33 },
   { (void *)"\106\260\324\152\346\120\054\267\223\205\000\010\220\373\363\120"
 "\251\310\140\157"
 , (PRUint32)20 },
   { (void *)"\031\152\006\154\335\311\017\266\024\321\311\373\163\077\005\317"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_126 [] = {
+static const NSSItem nss_builtins_items_122 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa International Global Root 2", (PRUint32)33 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057"
@@ -7120,32 +6988,32 @@ static const NSSItem nss_builtins_items_
 "\212\362\043\330\057\313\156\000\066\117\373\360\057\001\314\017"
 "\300\042\145\364\253\342\116\141\055\003\202\175\221\026\265\060"
 "\325\024\336\136\307\220\374\241\374\253\020\257\134\153\160\247"
 "\007\357\051\206\350\262\045\307\040\377\046\335\167\357\171\104"
 "\024\304\275\335\073\305\003\233\167\043\354\240\354\273\132\071"
 "\265\314\255\006"
 , (PRUint32)900 }
 };
-static const NSSItem nss_builtins_items_127 [] = {
+static const NSSItem nss_builtins_items_123 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa International Global Root 2", (PRUint32)33 },
   { (void *)"\311\015\033\352\210\075\247\321\027\276\073\171\364\041\016\032"
 "\130\224\247\055"
 , (PRUint32)20 },
   { (void *)"\065\110\225\066\112\124\132\162\226\216\340\144\314\357\054\214"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_128 [] = {
+static const NSSItem nss_builtins_items_124 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa International Global Root 3", (PRUint32)33 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057"
@@ -7220,32 +7088,32 @@ static const NSSItem nss_builtins_items_
 "\174\002\042\276\345\007\175\155\044\321\047\261\326\035\036\134"
 "\107\074\277\056\156\370\034\204\110\354\365\341\240\225\021\315"
 "\347\060\353\134\360\051\173\165\202\002\006\262\363\223\071\322"
 "\016\254\337\137\044\023\025\060\103\365\120\324\307\203\240\103"
 "\071\117\145\064\275\246\351\316\341\164\276\040\337\322\162\026"
 "\113\211\106\166"
 , (PRUint32)900 }
 };
-static const NSSItem nss_builtins_items_129 [] = {
+static const NSSItem nss_builtins_items_125 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa International Global Root 3", (PRUint32)33 },
   { (void *)"\000\263\327\076\235\205\161\066\073\147\325\056\136\156\371\022"
 "\242\205\067\122"
 , (PRUint32)20 },
   { (void *)"\327\276\275\236\373\162\170\072\347\212\275\201\276\013\075\030"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_130 [] = {
+static const NSSItem nss_builtins_items_126 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa International Global Root 4", (PRUint32)33 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057"
@@ -7303,32 +7171,32 @@ static const NSSItem nss_builtins_items_
 "\307\125\043\024\215\302\150\115\031\362\151\264\352\107\024\221"
 "\073\121\207\030\372\166\233\342\173\034\023\323\346\146\036\012"
 "\022\271\135\220\306\073\023\024\042\315\065\214\055\105\140\000"
 "\004\310\357\130\002\305\135\231\264\220\155\336\124\327\043\342"
 "\071\204\045\303\150\243\142\243\171\330\230\241\132\322\134\211"
 "\375\345\026\014\364\253\027\110\176\255\353\200\300\125\201"
 , (PRUint32)639 }
 };
-static const NSSItem nss_builtins_items_131 [] = {
+static const NSSItem nss_builtins_items_127 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa International Global Root 4", (PRUint32)33 },
   { (void *)"\231\001\027\355\035\374\376\140\054\136\120\175\140\223\051\223"
 "\214\100\014\146"
 , (PRUint32)20 },
   { (void *)"\010\107\110\253\040\057\157\302\163\013\262\025\005\041\036\312"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_132 [] = {
+static const NSSItem nss_builtins_items_128 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa International Global Root 5", (PRUint32)33 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057"
@@ -7386,32 +7254,32 @@ static const NSSItem nss_builtins_items_
 "\156\103\124\116\171\315\213\325\120\031\062\330\111\070\064\375"
 "\266\163\111\353\016\111\172\277\032\367\352\007\050\045\273\025"
 "\111\034\121\112\125\232\070\057\055\017\130\371\171\321\002\145"
 "\023\214\131\237\020\177\135\027\074\164\362\265\352\167\201\066"
 "\206\157\062\133\005\264\015\243\046\147\360\344\065\016\107\275"
 "\153\301\221\235\013\364\077\232\021\174\224\026\147\266\230"
 , (PRUint32)639 }
 };
-static const NSSItem nss_builtins_items_133 [] = {
+static const NSSItem nss_builtins_items_129 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa International Global Root 5", (PRUint32)33 },
   { (void *)"\367\027\230\102\276\276\302\037\113\055\235\013\234\067\036\064"
 "\206\325\251\317"
 , (PRUint32)20 },
   { (void *)"\317\200\157\240\170\121\321\126\233\253\310\135\243\157\220\012"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_134 [] = {
+static const NSSItem nss_builtins_items_130 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA", (PRUint32)18 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\127\127\061"
 "\022\060\020\006\003\125\004\012\023\011\142\145\124\122\125\123"
@@ -7510,32 +7378,32 @@ static const NSSItem nss_builtins_items_
 "\344\164\324\075\352\001\161\272\004\165\100\247\251\177\071\071"
 "\232\125\227\051\145\256\031\125\045\005\162\107\323\350\030\334"
 "\270\351\257\103\163\001\022\164\243\341\134\137\025\135\044\363"
 "\371\344\364\266\147\147\022\347\144\042\212\366\245\101\246\034"
 "\266\140\143\105\212\020\264\272\106\020\256\101\127\145\154\077"
 "\043\020\077\041\020\131\267\344\100\335\046\014\043\366\252\256"
 , (PRUint32)1328 }
 };
-static const NSSItem nss_builtins_items_135 [] = {
+static const NSSItem nss_builtins_items_131 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA", (PRUint32)18 },
   { (void *)"\133\315\315\314\146\366\334\344\104\037\343\175\134\303\023\114"
 "\106\364\160\070"
 , (PRUint32)20 },
   { (void *)"\205\312\166\132\033\321\150\042\334\242\043\022\312\306\200\064"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_136 [] = {
+static const NSSItem nss_builtins_items_132 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Xcert Root CA", (PRUint32)14 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\073\061\041\060\037\006\003\125\004\012\023\030\130\143\145"
 "\162\164\040\111\156\164\145\162\156\141\164\151\157\156\141\154"
@@ -7602,32 +7470,32 @@ static const NSSItem nss_builtins_items_
 "\165\321\023\076\130\364\363\001\350\210\304\224\126\311\300\376"
 "\337\117\107\125\037\153\201\116\124\355\023\137\162\374\046\206"
 "\004\066\217\117\022\115\234\120\342\116\132\126\254\271\375\054"
 "\037\130\173\005\022\007\143\070\357\031\343\364\074\221\132\242"
 "\045\142\127\274\306\224\240\167\234\317\064\142\340\277\373\165"
 "\074\351\033\046\033\234\144"
 , (PRUint32)871 }
 };
-static const NSSItem nss_builtins_items_137 [] = {
+static const NSSItem nss_builtins_items_133 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Xcert Root CA", (PRUint32)14 },
   { (void *)"\041\021\164\054\135\202\325\257\325\231\114\122\004\123\125\050"
 "\104\361\154\261"
 , (PRUint32)20 },
   { (void *)"\226\201\231\014\155\262\211\205\303\331\200\234\063\273\076\031"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_138 [] = {
+static const NSSItem nss_builtins_items_134 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Xcert Root CA 1024", (PRUint32)19 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\100\061\041\060\037\006\003\125\004\012\023\030\130\143\145"
 "\162\164\040\111\156\164\145\162\156\141\164\151\157\156\141\154"
@@ -7680,32 +7548,32 @@ static const NSSItem nss_builtins_items_
 "\335\331\167\165\101\347\222\041\232\154\051\333\247\154\160\206"
 "\240\134\303\344\363\062\314\001\204\131\327\210\071\070\363\250"
 "\342\342\032\260\227\315\053\027\334\144\004\017\252\152\163\224"
 "\326\353\010\306\200\151\115\336\172\325\305\067\361\222\027\074"
 "\155\323\212\041\314\144\020\252\336\142\207\037\217\270\370\252"
 "\165\112\364\010\054\365\334\146\317\303\070\176"
 , (PRUint32)620 }
 };
-static const NSSItem nss_builtins_items_139 [] = {
+static const NSSItem nss_builtins_items_135 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Xcert Root CA 1024", (PRUint32)19 },
   { (void *)"\054\245\040\131\044\213\336\160\224\354\326\313\143\116\176\051"
 "\207\004\113\220"
 , (PRUint32)20 },
   { (void *)"\304\040\322\322\017\140\113\244\062\340\221\324\040\113\111\270"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_140 [] = {
+static const NSSItem nss_builtins_items_136 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Xcert Root CA v1", (PRUint32)17 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\076\061\041\060\037\006\003\125\004\012\023\030\130\143\145"
 "\162\164\040\111\156\164\145\162\156\141\164\151\157\156\141\154"
@@ -7766,32 +7634,32 @@ static const NSSItem nss_builtins_items_
 "\144\253\374\106\072\320\013\323\227\261\134\331\234\254\030\072"
 "\040\007\172\042\371\267\020\145\272\354\346\123\324\252\344\303"
 "\101\274\233\337\302\335\232\001\106\324\216\105\355\311\312\026"
 "\064\204\215\062\124\074\124\142\220\215\032\146\122\315\372\034"
 "\314\014\374\261\343\223\310\247\331\353\150\143\217\320\176\056"
 "\055\335\051"
 , (PRUint32)771 }
 };
-static const NSSItem nss_builtins_items_141 [] = {
+static const NSSItem nss_builtins_items_137 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Xcert Root CA v1", (PRUint32)17 },
   { (void *)"\252\070\226\073\042\304\350\333\032\031\107\202\076\257\220\003"
 "\207\102\254\345"
 , (PRUint32)20 },
   { (void *)"\111\216\265\061\147\112\303\226\274\213\257\160\026\303\005\111"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_142 [] = {
+static const NSSItem nss_builtins_items_138 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Xcert Root CA v1 1024", (PRUint32)22 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\103\061\041\060\037\006\003\125\004\012\023\030\130\143\145"
 "\162\164\040\111\156\164\145\162\156\141\164\151\157\156\141\154"
@@ -7838,32 +7706,32 @@ static const NSSItem nss_builtins_items_
 "\004\362\275\121\020\270\070\303\241\022\333\220\203\176\265\143"
 "\130\253\063\255\227\036\106\120\102\020\254\310\253\055\035\065"
 "\154\306\346\103\120\050\003\241\254\373\021\225\377\351\325\112"
 "\017\221\345\003\344\210\060\074\034\166\321\227\360\012\324\207"
 "\240\014\232\217\141\316\332\176\162\263\073\120\300\200\204\017"
 "\041\040\224\150\052\332\214\276"
 , (PRUint32)520 }
 };
-static const NSSItem nss_builtins_items_143 [] = {
+static const NSSItem nss_builtins_items_139 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Xcert Root CA v1 1024", (PRUint32)22 },
   { (void *)"\042\072\107\064\216\347\211\332\165\206\073\031\062\260\146\340"
 "\264\121\247\064"
 , (PRUint32)20 },
   { (void *)"\100\212\076\322\066\036\040\237\374\055\066\253\350\371\202\062"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_144 [] = {
+static const NSSItem nss_builtins_items_140 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Xcert EZ", (PRUint32)9 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\214\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\015\060\013\006\003\125\004\010\023\004\125\164\141\150\061"
@@ -7950,32 +7818,32 @@ static const NSSItem nss_builtins_items_
 "\354\102\141\024\166\273\000\305\353\010\075\025\177\113\266\042"
 "\135\207\073\220\364\363\300\376\067\263\351\331\142\014\300\303"
 "\131\257\140\275\037\015\333\241\064\037\060\304\075\213\255\260"
 "\035\004\223\355\137\325\344\277\040\060\004\364\110\351\063\001"
 "\321\056\220\047\122\263\233\336\072\034\253\251\227\177\233\353"
 "\302\215\302\155\354\334\023\323\106\305\171\174"
 , (PRUint32)1020 }
 };
-static const NSSItem nss_builtins_items_145 [] = {
+static const NSSItem nss_builtins_items_141 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Xcert EZ", (PRUint32)9 },
   { (void *)"\150\355\030\263\011\315\122\221\300\323\065\174\035\021\101\277"
 "\210\070\146\261"
 , (PRUint32)20 },
   { (void *)"\202\022\367\211\341\013\221\140\244\266\042\237\224\150\021\222"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_146 [] = {
+static const NSSItem nss_builtins_items_142 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"CertEngine CA", (PRUint32)14 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\250\061\013\060\011\006\003\125\004\006\023\002\103\101"
 "\061\013\060\011\006\003\125\004\010\023\002\117\116\061\020\060"
@@ -8064,32 +7932,32 @@ static const NSSItem nss_builtins_items_
 "\231\331\307\313\074\104\032\364\130\064\322\066\155\055\042\175"
 "\170\033\020\123\126\251\046\254\366\255\370\171\256\112\072\231"
 "\011\273\304\377\053\045\337\111\276\253\074\353\001\111\275\055"
 "\300\312\060\300\153\102\124\175\202\340\274\077\363\072\064\022"
 "\070\114\245\063\254\075\253\233\343\117\017\255\237\215\103\146"
 "\345"
 , (PRUint32)993 }
 };
-static const NSSItem nss_builtins_items_147 [] = {
+static const NSSItem nss_builtins_items_143 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"CertEngine CA", (PRUint32)14 },
   { (void *)"\301\202\340\336\254\032\145\113\262\022\013\204\012\205\326\300"
 "\267\077\264\154"
 , (PRUint32)20 },
   { (void *)"\072\276\220\341\242\032\164\211\157\217\240\057\040\204\350\123"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_148 [] = {
+static const NSSItem nss_builtins_items_144 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"BankEngine CA", (PRUint32)14 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\250\061\013\060\011\006\003\125\004\006\023\002\103\101"
 "\061\013\060\011\006\003\125\004\010\023\002\117\116\061\020\060"
@@ -8178,32 +8046,32 @@ static const NSSItem nss_builtins_items_
 "\254\226\056\234\144\175\026\046\075\071\276\376\217\002\160\211"
 "\223\022\340\054\122\076\113\156\267\032\377\336\023\257\257\137"
 "\200\055\056\310\161\126\244\206\020\067\076\346\100\045\267\107"
 "\025\027\045\107\332\214\063\306\201\234\026\146\177\345\057\334"
 "\255\356\205\077\224\007\074\330\353\236\024\365\210\265\045\211"
 "\300"
 , (PRUint32)993 }
 };
-static const NSSItem nss_builtins_items_149 [] = {
+static const NSSItem nss_builtins_items_145 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"BankEngine CA", (PRUint32)14 },
   { (void *)"\174\366\047\174\203\221\226\137\011\161\303\227\066\111\273\003"
 "\233\175\076\211"
 , (PRUint32)20 },
   { (void *)"\077\126\162\302\341\064\321\166\123\063\106\341\215\272\223\166"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_150 [] = {
+static const NSSItem nss_builtins_items_146 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"FortEngine CA", (PRUint32)14 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\250\061\013\060\011\006\003\125\004\006\023\002\103\101"
 "\061\013\060\011\006\003\125\004\010\023\002\117\116\061\020\060"
@@ -8324,32 +8192,32 @@ static const NSSItem nss_builtins_items_
 "\061\034\333\270\322\036\213\041\132\131\317\161\376\322\262\363"
 "\270\132\037\115\370\262\062\067\037\053\140\062\035\004\340\120"
 "\046\354\256\370\015\270\260\320\121\274\205\031\127\041\164\125"
 "\044\207\073\127\334\070\104\126\174\147\236\272\130\340\025\143"
 "\101\324\352\130\213\360\356\121\245\112\340\302\217\021\020\000"
 "\347"
 , (PRUint32)1505 }
 };
-static const NSSItem nss_builtins_items_151 [] = {
+static const NSSItem nss_builtins_items_147 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"FortEngine CA", (PRUint32)14 },
   { (void *)"\101\101\246\125\070\252\007\017\342\231\174\272\223\237\274\221"
 "\355\012\034\116"
 , (PRUint32)20 },
   { (void *)"\225\015\273\365\336\111\267\072\266\302\311\233\100\106\036\155"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_152 [] = {
+static const NSSItem nss_builtins_items_148 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"MailEngine CA", (PRUint32)14 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\250\061\013\060\011\006\003\125\004\006\023\002\103\101"
 "\061\013\060\011\006\003\125\004\010\023\002\117\116\061\020\060"
@@ -8438,32 +8306,32 @@ static const NSSItem nss_builtins_items_
 "\111\326\172\051\337\022\067\254\263\253\020\376\156\346\003\346"
 "\303\237\046\150\301\027\371\367\226\241\107\064\301\347\234\145"
 "\362\331\060\027\146\322\000\133\067\337\123\160\064\160\143\301"
 "\067\241\131\323\156\232\363\241\333\027\125\370\223\354\154\316"
 "\026\311\273\370\244\163\074\256\132\160\211\042\015\337\115\204"
 "\203"
 , (PRUint32)993 }
 };
-static const NSSItem nss_builtins_items_153 [] = {
+static const NSSItem nss_builtins_items_149 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"MailEngine CA", (PRUint32)14 },
   { (void *)"\052\175\170\152\226\012\241\132\305\231\364\361\115\344\004\057"
 "\271\134\173\220"
 , (PRUint32)20 },
   { (void *)"\257\331\256\074\245\337\007\060\040\273\005\006\306\111\161\123"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_154 [] = {
+static const NSSItem nss_builtins_items_150 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"TraderEngine CA", (PRUint32)16 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\256\061\013\060\011\006\003\125\004\006\023\002\103\101"
 "\061\013\060\011\006\003\125\004\010\023\002\117\116\061\020\060"
@@ -8554,32 +8422,32 @@ static const NSSItem nss_builtins_items_
 "\257\107\102\016\164\273\152\156\326\115\163\330\010\061\235\112"
 "\103\340\020\161\055\055\202\030\037\171\131\247\233\012\165\126"
 "\175\302\136\005\321\143\105\221\025\221\122\276\300\134\370\360"
 "\347\113\213\231\103\146\050\047\174\045\222\314\030\015\123\104"
 "\324\223\213\265\075\021\312\326\267\103\244\061\151\273\341\075"
 "\226\126\160\040\066\300\357\331\152\326\260\147\343"
 , (PRUint32)1005 }
 };
-static const NSSItem nss_builtins_items_155 [] = {
+static const NSSItem nss_builtins_items_151 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"TraderEngine CA", (PRUint32)16 },
   { (void *)"\226\137\006\006\205\177\333\000\352\163\325\301\271\274\232\264"
 "\350\273\231\263"
 , (PRUint32)20 },
   { (void *)"\165\061\224\331\224\242\361\006\237\230\167\323\037\336\157\372"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_156 [] = {
+static const NSSItem nss_builtins_items_152 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"USPS Root", (PRUint32)10 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\146\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\045\060\043\006\003\125\004\012\023\034\125\156\151\164\145\144"
@@ -8651,32 +8519,32 @@ static const NSSItem nss_builtins_items_
 "\065\065\205\012\117\263\350\202\247\257\255\227\135\206\116\327"
 "\267\255\254\217\240\240\124\113\245\117\364\165\007\273\057\056"
 "\031\033\036\216\355\155\113\325\115\203\310\166\227\127\206\366"
 "\044\102\005\365\262\354\026\357\274\354\275\346\220\154\217\222"
 "\263\033\031\147\046\072\257\245\307\036\362\364\165\116\151\331"
 "\273\373\017\154\134\072\310\335\255\216\012\227\035\217"
 , (PRUint32)862 }
 };
-static const NSSItem nss_builtins_items_157 [] = {
+static const NSSItem nss_builtins_items_153 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"USPS Root", (PRUint32)10 },
   { (void *)"\154\041\132\224\112\235\120\245\027\015\202\313\324\371\325\072"
 "\341\237\030\145"
 , (PRUint32)20 },
   { (void *)"\274\055\035\316\370\036\035\175\021\044\152\231\160\130\175\031"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_158 [] = {
+static const NSSItem nss_builtins_items_154 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"USPS Production 1", (PRUint32)18 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\156\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\045\060\043\006\003\125\004\012\023\034\125\156\151\164\145\144"
@@ -8830,32 +8698,32 @@ static const NSSItem nss_builtins_items_
 "\042\257\134\172\366\353\142\076\253\274\275\217\142\130\313\202"
 "\072\324\304\100\347\213\270\017\020\120\017\054\070\043\071\224"
 "\345\040\307\324\270\371\341\121\102\104\224\154\143\136\343\176"
 "\136\142\336\357\075\106\264\074\133\250\233\016\172\236\035\126"
 "\355\274\005\264\305\361\131\011\257\157\111\205\131\333\072\021"
 "\145\315\351"
 , (PRUint32)2163 }
 };
-static const NSSItem nss_builtins_items_159 [] = {
+static const NSSItem nss_builtins_items_155 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"USPS Production 1", (PRUint32)18 },
   { (void *)"\246\153\351\054\171\064\177\363\201\000\013\373\142\054\337\247"
 "\121\331\153\123"
 , (PRUint32)20 },
   { (void *)"\076\000\040\236\051\317\232\170\303\150\117\206\366\173\341\106"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_160 [] = {
+static const NSSItem nss_builtins_items_156 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Non-Validated Services Root", (PRUint32)37 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061"
 "\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165"
@@ -8939,32 +8807,32 @@ static const NSSItem nss_builtins_items_
 "\247\077\376\321\146\255\013\274\153\231\206\357\077\175\363\030"
 "\062\312\173\306\343\253\144\106\225\370\046\151\331\125\203\173"
 "\054\226\007\377\131\054\104\243\306\345\351\251\334\241\143\200"
 "\132\041\136\041\317\123\124\360\272\157\211\333\250\252\225\317"
 "\213\343\161\314\036\033\040\104\010\300\172\266\100\375\304\344"
 "\065\341\035\026\034\320\274\053\216\326\161\331"
 , (PRUint32)1052 }
 };
-static const NSSItem nss_builtins_items_161 [] = {
+static const NSSItem nss_builtins_items_157 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Non-Validated Services Root", (PRUint32)37 },
   { (void *)"\314\253\016\240\114\043\001\326\151\173\335\067\237\315\022\353"
 "\044\343\224\235"
 , (PRUint32)20 },
   { (void *)"\036\102\225\002\063\222\153\271\137\300\177\332\326\262\113\374"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_162 [] = {
+static const NSSItem nss_builtins_items_158 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust External Root", (PRUint32)23 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061"
 "\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165"
@@ -9052,32 +8920,32 @@ static const NSSItem nss_builtins_items_
 "\142\041\150\025\040\103\074\231\347\174\275\044\330\251\221\027"
 "\163\210\077\126\033\061\070\030\264\161\017\232\315\310\016\236"
 "\216\056\033\341\214\230\203\313\037\061\361\104\114\306\004\163"
 "\111\166\140\017\307\370\275\027\200\153\056\351\314\114\016\132"
 "\232\171\017\040\012\056\325\236\143\046\036\125\222\224\330\202"
 "\027\132\173\320\274\307\217\116\206\004"
 , (PRUint32)1082 }
 };
-static const NSSItem nss_builtins_items_163 [] = {
+static const NSSItem nss_builtins_items_159 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust External Root", (PRUint32)23 },
   { (void *)"\002\372\363\342\221\103\124\150\140\170\127\151\115\365\344\133"
 "\150\205\030\150"
 , (PRUint32)20 },
   { (void *)"\035\065\124\004\205\170\260\077\102\102\115\277\040\163\012\077"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_164 [] = {
+static const NSSItem nss_builtins_items_160 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Public Services Root", (PRUint32)30 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\144\061\013\060\011\006\003\125\004\006\023\002\123\105\061"
 "\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165"
@@ -9161,32 +9029,32 @@ static const NSSItem nss_builtins_items_
 "\341\042\015\207\000\144\376\214\175\142\071\145\246\357\102\266"
 "\200\045\022\141\001\250\044\023\160\000\021\046\137\372\065\120"
 "\305\110\314\006\107\350\047\330\160\215\137\144\346\241\104\046"
 "\136\042\354\222\315\377\102\232\104\041\155\134\305\343\042\035"
 "\137\107\022\347\316\137\135\372\330\252\261\063\055\331\166\362"
 "\116\072\063\014\053\263\055\220\006"
 , (PRUint32)1049 }
 };
-static const NSSItem nss_builtins_items_165 [] = {
+static const NSSItem nss_builtins_items_161 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Public Services Root", (PRUint32)30 },
   { (void *)"\052\266\050\110\136\170\373\363\255\236\171\020\335\153\337\231"
 "\162\054\226\345"
 , (PRUint32)20 },
   { (void *)"\301\142\076\043\305\202\163\234\003\131\113\053\351\167\111\177"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_166 [] = {
+static const NSSItem nss_builtins_items_162 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Qualified Certificates Root", (PRUint32)37 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\147\061\013\060\011\006\003\125\004\006\023\002\123\105\061"
 "\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165"
@@ -9271,32 +9139,32 @@ static const NSSItem nss_builtins_items_
 "\011\371\277\122\241\356\302\200\076\006\134\056\125\100\301\033"
 "\365\160\105\260\334\135\372\366\162\132\167\322\143\315\317\130"
 "\211\000\102\143\077\171\071\320\104\260\202\156\101\031\350\335"
 "\340\301\210\132\321\036\161\223\037\044\060\164\345\036\250\336"
 "\074\047\067\177\203\256\236\167\317\360\060\261\377\113\231\350"
 "\306\241"
 , (PRUint32)1058 }
 };
-static const NSSItem nss_builtins_items_167 [] = {
+static const NSSItem nss_builtins_items_163 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Qualified Certificates Root", (PRUint32)37 },
   { (void *)"\115\043\170\354\221\225\071\265\000\177\165\217\003\073\041\036"
 "\305\115\213\317"
 , (PRUint32)20 },
   { (void *)"\047\354\071\107\315\332\132\257\342\232\001\145\041\251\114\273"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_168 [] = {
+static const NSSItem nss_builtins_items_164 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 1 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\247\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -9377,32 +9245,32 @@ static const NSSItem nss_builtins_items_
 "\301\167\234\275\054\003\170\051\215\244\245\167\207\365\361\053"
 "\046\255\314\007\154\072\124\132\050\340\011\363\115\012\004\312"
 "\324\130\151\013\247\263\365\335\001\245\347\334\360\037\272\301"
 "\135\220\215\263\352\117\301\021\131\227\152\262\053\023\261\332"
 "\255\227\241\263\261\240\040\133\312\062\253\215\317\023\360\037"
 "\051\303"
 , (PRUint32)930 }
 };
-static const NSSItem nss_builtins_items_169 [] = {
+static const NSSItem nss_builtins_items_165 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 1 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)"\004\226\110\344\112\311\314\255\105\203\230\331\074\175\221\365"
 "\042\104\033\212"
 , (PRUint32)20 },
   { (void *)"\176\157\072\123\033\174\276\260\060\333\103\036\036\224\211\262"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_170 [] = {
+static const NSSItem nss_builtins_items_166 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 2 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\247\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -9483,32 +9351,32 @@ static const NSSItem nss_builtins_items_
 "\040\232\163\055\163\125\154\130\233\054\302\264\064\054\172\063"
 "\102\312\221\331\351\103\257\317\036\340\365\304\172\253\077\162"
 "\143\036\251\067\341\133\073\210\263\023\206\202\220\127\313\127"
 "\377\364\126\276\042\335\343\227\250\341\274\042\103\302\335\115"
 "\333\366\201\236\222\024\236\071\017\023\124\336\202\330\300\136"
 "\064\215"
 , (PRUint32)930 }
 };
-static const NSSItem nss_builtins_items_171 [] = {
+static const NSSItem nss_builtins_items_167 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 2 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)"\042\171\151\276\320\122\116\115\035\066\262\361\162\041\167\361"
 "\124\123\110\167"
 , (PRUint32)20 },
   { (void *)"\363\105\275\020\226\015\205\113\357\237\021\142\064\247\136\265"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_172 [] = {
+static const NSSItem nss_builtins_items_168 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 3 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\247\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -9589,32 +9457,32 @@ static const NSSItem nss_builtins_items_
 "\001\163\132\221\221\202\124\054\023\012\323\167\043\317\067\374"
 "\143\336\247\343\366\267\265\151\105\050\111\303\221\334\252\107"
 "\034\251\210\231\054\005\052\215\215\212\372\142\342\132\267\000"
 "\040\135\071\304\050\302\313\374\236\250\211\256\133\075\216\022"
 "\352\062\262\374\353\024\327\011\025\032\300\315\033\325\265\025"
 "\116\101\325\226\343\116"
 , (PRUint32)934 }
 };
-static const NSSItem nss_builtins_items_173 [] = {
+static const NSSItem nss_builtins_items_169 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 3 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)"\265\355\267\332\046\072\126\164\322\042\105\060\324\307\217\172"
 "\007\365\345\137"
 , (PRUint32)20 },
   { (void *)"\175\121\222\311\166\203\230\026\336\214\263\206\304\175\146\373"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_174 [] = {
+static const NSSItem nss_builtins_items_170 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Secure Server OCSP Responder", (PRUint32)38 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\236\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -9696,32 +9564,32 @@ static const NSSItem nss_builtins_items_
 "\052\266\226\117\107\333\276\116\333\316\314\272\206\270\030\316"
 "\261\022\221\137\143\367\363\110\076\314\361\115\023\344\155\011"
 "\224\170\000\222\313\243\040\235\006\013\152\240\103\007\316\321"
 "\031\154\217\030\165\232\237\027\063\375\251\046\270\343\342\336"
 "\302\250\304\132\212\177\230\326\007\006\153\314\126\236\206\160"
 "\316\324\357"
 , (PRUint32)931 }
 };
-static const NSSItem nss_builtins_items_175 [] = {
+static const NSSItem nss_builtins_items_171 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Secure Server OCSP Responder", (PRUint32)38 },
   { (void *)"\161\236\140\141\327\175\054\203\361\242\135\074\366\215\002\274"
 "\224\070\305\056"
 , (PRUint32)20 },
   { (void *)"\054\142\303\330\200\001\026\011\352\131\352\170\253\020\103\366"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_176 [] = {
+static const NSSItem nss_builtins_items_172 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Time Stamping Authority CA", (PRUint32)36 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\245\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -9811,32 +9679,32 @@ static const NSSItem nss_builtins_items_
 "\067\000\064\047\051\350\067\113\362\357\104\227\153\027\121\032"
 "\303\126\235\074\032\212\366\112\106\106\067\214\372\313\365\144"
 "\132\070\150\056\034\303\357\160\316\270\106\006\026\277\367\176"
 "\347\265\250\076\105\254\251\045\165\042\173\157\077\260\234\224"
 "\347\307\163\253\254\037\356\045\233\300\026\355\267\312\133\360"
 "\024"
 , (PRUint32)977 }
 };
-static const NSSItem nss_builtins_items_177 [] = {
+static const NSSItem nss_builtins_items_173 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Time Stamping Authority CA", (PRUint32)36 },
   { (void *)"\246\017\064\310\142\154\201\366\213\367\175\251\366\147\130\212"
 "\220\077\175\066"
 , (PRUint32)20 },
   { (void *)"\211\111\124\214\310\150\232\203\051\354\334\006\163\041\253\227"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_178 [] = {
+static const NSSItem nss_builtins_items_174 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Thawte Time Stamping CA", (PRUint32)24 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\213\061\013\060\011\006\003\125\004\006\023\002\132\101"
 "\061\025\060\023\006\003\125\004\010\023\014\127\145\163\164\145"
@@ -9901,31 +9769,466 @@ static const NSSItem nss_builtins_items_
 "\151\306\136\344\260\224\157\112\271\347\336\133\210\266\173\333"
 "\343\047\345\166\303\360\065\301\313\265\047\233\063\171\334\220"
 "\246\000\236\167\372\374\315\047\224\102\026\234\323\034\150\354"
 "\277\134\335\345\251\173\020\012\062\164\124\023\061\213\205\003"
 "\204\221\267\130\001\060\024\070\257\050\312\374\261\120\031\031"
 "\011\254\211\111\323"
 , (PRUint32)677 }
 };
-static const NSSItem nss_builtins_items_179 [] = {
+static const NSSItem nss_builtins_items_175 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Thawte Time Stamping CA", (PRUint32)24 },
   { (void *)"\276\066\244\126\057\262\356\005\333\263\323\043\043\255\364\105"
 "\010\116\326\126"
 , (PRUint32)20 },
   { (void *)"\177\146\172\161\323\353\151\170\040\232\121\024\235\203\332\040"
 , (PRUint32)16 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
+static const NSSItem nss_builtins_items_176 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"E-Certify CA", (PRUint32)13 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061"
+"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
+"\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104"
+"\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003"
+"\023\014\105\055\103\145\162\164\151\146\171\040\103\101"
+, (PRUint32)78 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061"
+"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
+"\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104"
+"\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003"
+"\023\014\105\055\103\145\162\164\151\146\171\040\103\101"
+, (PRUint32)78 },
+  { (void *)"\001\115\105\234"
+, (PRUint32)4 },
+  { (void *)"\060\202\003\071\060\202\002\041\240\003\002\001\002\002\004\001"
+"\115\105\234\060\015\006\011\052\206\110\206\367\015\001\001\005"
+"\005\000\060\114\061\013\060\011\006\003\125\004\006\023\002\143"
+"\141\061\022\060\020\006\003\125\004\012\023\011\105\055\103\145"
+"\162\164\151\146\171\061\022\060\020\006\003\125\004\013\023\011"
+"\111\104\040\103\145\156\164\145\162\061\025\060\023\006\003\125"
+"\004\003\023\014\105\055\103\145\162\164\151\146\171\040\103\101"
+"\060\036\027\015\071\071\060\071\062\070\061\066\064\070\062\071"
+"\132\027\015\060\064\060\071\062\070\061\066\064\070\062\071\132"
+"\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061"
+"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
+"\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104"
+"\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003"
+"\023\014\105\055\103\145\162\164\151\146\171\040\103\101\060\202"
+"\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005"
+"\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\272"
+"\233\246\161\200\125\164\111\051\125\166\033\307\066\225\060\054"
+"\062\011\121\356\060\244\153\150\207\107\330\050\012\027\177\157"
+"\250\232\040\266\253\001\322\256\240\105\106\065\002\002\374\332"
+"\340\040\162\012\063\015\223\160\270\004\220\111\371\150\070\273"
+"\015\021\156\071\135\130\172\306\043\146\351\273\027\062\046\350"
+"\354\022\150\207\051\314\271\345\117\314\210\033\355\225\161\241"
+"\123\042\056\355\203\134\376\062\127\114\122\123\070\341\025\155"
+"\000\125\111\207\044\313\344\026\110\270\231\345\332\172\337\243"
+"\205\230\164\302\371\253\153\111\315\377\102\315\270\055\264\200"
+"\313\114\172\065\374\220\277\115\323\000\355\317\214\377\117\071"
+"\373\172\170\360\016\015\111\177\123\076\024\233\046\250\252\311"
+"\273\341\321\033\335\034\060\257\001\346\233\046\006\144\274\357"
+"\130\114\132\105\225\120\304\054\076\164\130\351\074\257\373\303"
+"\253\122\004\332\044\362\261\304\366\133\323\110\340\301\204\060"
+"\174\321\165\077\344\123\163\135\211\330\356\100\117\011\227\227"
+"\205\143\215\325\240\256\206\203\153\333\124\150\136\350\113\002"
+"\003\001\000\001\243\043\060\041\060\014\006\003\125\035\023\004"
+"\005\060\003\001\001\377\060\021\006\011\140\206\110\001\206\370"
+"\102\001\001\004\004\003\002\000\007\060\015\006\011\052\206\110"
+"\206\367\015\001\001\005\005\000\003\202\001\001\000\163\076\031"
+"\174\330\126\321\305\377\012\235\347\266\315\227\363\247\341\101"
+"\310\176\202\065\377\233\226\322\013\357\161\362\020\345\104\313"
+"\222\350\016\132\346\076\304\364\225\151\002\274\013\126\200\271"
+"\161\027\143\036\101\111\052\065\352\034\325\144\253\111\355\013"
+"\076\213\124\241\115\050\150\352\275\267\201\077\065\171\202\367"
+"\064\274\171\210\045\236\200\347\317\250\025\257\362\341\025\053"
+"\007\121\340\324\215\112\112\003\300\042\053\271\150\112\200\303"
+"\250\205\010\325\247\052\275\313\247\143\175\243\260\312\126\140"
+"\154\105\341\312\277\024\122\012\302\305\145\354\241\075\037\100"
+"\371\120\132\344\064\012\157\302\164\254\174\314\047\352\343\207"
+"\245\123\310\336\174\076\135\102\122\132\353\005\150\246\030\062"
+"\140\040\170\153\160\024\140\041\202\011\075\036\126\300\025\141"
+"\000\121\145\262\061\022\371\306\112\006\274\137\364\071\037\166"
+"\232\211\170\351\066\202\332\265\157\213\177\211\265\114\367\145"
+"\030\134\201\363\356\120\326\335\354\151\110\237\053\265\336\076"
+"\275\372\274\154\153\147\123\233\261\223\271\221\106"
+, (PRUint32)829 }
+};
+static const NSSItem nss_builtins_items_177 [] = {
+  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"E-Certify CA", (PRUint32)13 },
+  { (void *)"\133\330\153\206\375\275\330\206\371\233\310\120\106\350\052\112"
+"\211\152\317\357"
+, (PRUint32)20 },
+  { (void *)"\256\065\177\222\227\106\174\217\023\051\341\333\236\102\145\152"
+, (PRUint32)16 },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
+};
+static const NSSItem nss_builtins_items_178 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"E-Certify RA", (PRUint32)13 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061"
+"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
+"\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104"
+"\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003"
+"\023\014\105\055\103\145\162\164\151\146\171\040\122\101"
+, (PRUint32)78 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061"
+"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
+"\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104"
+"\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003"
+"\023\014\105\055\103\145\162\164\151\146\171\040\103\101"
+, (PRUint32)78 },
+  { (void *)"\001\117\353\020"
+, (PRUint32)4 },
+  { (void *)"\060\202\003\071\060\202\002\041\240\003\002\001\002\002\004\001"
+"\117\353\020\060\015\006\011\052\206\110\206\367\015\001\001\005"
+"\005\000\060\114\061\013\060\011\006\003\125\004\006\023\002\143"
+"\141\061\022\060\020\006\003\125\004\012\023\011\105\055\103\145"
+"\162\164\151\146\171\061\022\060\020\006\003\125\004\013\023\011"
+"\111\104\040\103\145\156\164\145\162\061\025\060\023\006\003\125"
+"\004\003\023\014\105\055\103\145\162\164\151\146\171\040\103\101"
+"\060\036\027\015\071\071\060\071\063\060\061\066\065\070\065\067"
+"\132\027\015\060\064\060\071\062\067\061\066\065\070\065\067\132"
+"\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061"
+"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
+"\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104"
+"\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003"
+"\023\014\105\055\103\145\162\164\151\146\171\040\122\101\060\202"
+"\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005"
+"\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\334"
+"\260\267\045\373\356\014\272\330\243\162\104\017\052\243\343\110"
+"\004\321\364\060\164\006\010\016\137\067\307\066\267\202\232\045"
+"\113\254\153\111\231\000\033\027\362\360\337\027\027\351\355\040"
+"\152\024\153\375\311\314\017\346\014\153\206\345\365\244\372\333"
+"\005\052\000\310\015\352\252\145\100\066\312\363\345\165\071\216"
+"\334\146\333\104\034\236\303\213\103\070\313\274\360\232\311\331"
+"\312\067\023\312\122\301\055\351\107\040\345\314\044\170\340\346"
+"\033\114\270\322\124\202\155\016\271\041\140\357\174\264\000\373"
+"\122\304\057\012\367\004\116\204\057\337\030\254\143\006\040\335"
+"\332\261\201\301\341\255\177\030\210\167\363\353\370\255\317\172"
+"\020\120\126\171\236\124\317\336\034\233\327\102\224\341\317\325"
+"\154\365\136\075\315\345\147\023\073\232\315\072\142\204\371\141"
+"\036\155\325\130\216\331\371\255\052\076\226\361\355\252\177\020"
+"\356\366\000\205\074\261\005\013\064\321\134\142\340\215\022\256"
+"\275\114\124\300\342\274\144\161\140\145\206\306\331\204\253\130"
+"\140\152\061\156\175\117\261\210\242\376\024\114\072\214\373\002"
+"\003\001\000\001\243\043\060\041\060\014\006\003\125\035\023\004"
+"\005\060\003\001\001\377\060\021\006\011\140\206\110\001\206\370"
+"\102\001\001\004\004\003\002\000\007\060\015\006\011\052\206\110"
+"\206\367\015\001\001\005\005\000\003\202\001\001\000\255\030\200"
+"\317\060\274\073\350\362\002\025\127\075\350\114\143\346\356\062"
+"\243\177\345\001\360\047\271\052\331\301\250\236\043\036\107\231"
+"\327\056\104\113\024\313\320\275\046\144\003\362\006\217\237\327"
+"\110\250\161\153\026\064\305\076\265\171\230\263\346\340\320\070"
+"\021\231\244\021\173\343\071\245\015\077\235\325\322\305\172\057"
+"\352\104\024\315\020\116\240\064\263\153\211\137\360\256\237\315"
+"\123\325\176\172\120\045\000\041\244\155\351\310\161\000\373\255"
+"\064\027\110\042\356\247\050\154\206\162\333\371\233\206\104\170"
+"\136\005\351\150\064\060\241\025\145\301\251\332\236\135\236\043"
+"\106\116\052\346\116\263\114\237\314\106\010\230\034\074\103\237"
+"\264\316\240\140\357\044\316\116\037\350\302\251\162\273\057\332"
+"\102\006\041\360\232\345\170\107\054\010\164\120\150\140\375\205"
+"\302\373\257\112\222\361\204\235\000\152\310\126\041\216\157\301"
+"\061\313\121\354\166\165\172\337\001\016\162\150\241\362\046\216"
+"\331\270\306\243\144\122\372\155\373\112\075\132\135\270\124\224"
+"\355\125\150\145\235\077\122\114\106\222\026\013\276"
+, (PRUint32)829 }
+};
+static const NSSItem nss_builtins_items_179 [] = {
+  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"E-Certify RA", (PRUint32)13 },
+  { (void *)"\217\051\011\013\006\302\070\314\160\305\251\355\227\147\210\315"
+"\066\332\335\131"
+, (PRUint32)20 },
+  { (void *)"\245\273\012\243\320\307\124\025\130\336\153\122\020\121\272\050"
+, (PRUint32)16 },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
+};
+static const NSSItem nss_builtins_items_180 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"Entrust.net Global Secure Server CA", (PRUint32)36 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125"
+"\004\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157"
+"\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155"
+"\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003"
+"\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156"
+"\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145"
+"\144\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162"
+"\165\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123"
+"\145\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164"
+"\151\157\156\040\101\165\164\150\157\162\151\164\171"
+, (PRUint32)189 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125"
+"\004\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157"
+"\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155"
+"\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003"
+"\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156"
+"\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145"
+"\144\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162"
+"\165\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123"
+"\145\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164"
+"\151\157\156\040\101\165\164\150\157\162\151\164\171"
+, (PRUint32)189 },
+  { (void *)"\070\233\021\074"
+, (PRUint32)4 },
+  { (void *)"\060\202\004\225\060\202\003\376\240\003\002\001\002\002\004\070"
+"\233\021\074\060\015\006\011\052\206\110\206\367\015\001\001\004"
+"\005\000\060\201\272\061\024\060\022\006\003\125\004\012\023\013"
+"\105\156\164\162\165\163\164\056\156\145\164\061\077\060\075\006"
+"\003\125\004\013\024\066\167\167\167\056\145\156\164\162\165\163"
+"\164\056\156\145\164\057\123\123\114\137\103\120\123\040\151\156"
+"\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154"
+"\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043"
+"\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040"
+"\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151"
+"\164\145\144\061\072\060\070\006\003\125\004\003\023\061\105\156"
+"\164\162\165\163\164\056\156\145\164\040\123\145\143\165\162\145"
+"\040\123\145\162\166\145\162\040\103\145\162\164\151\146\151\143"
+"\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060"
+"\036\027\015\060\060\060\062\060\064\061\067\062\060\060\060\132"
+"\027\015\062\060\060\062\060\064\061\067\065\060\060\060\132\060"
+"\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156\164"
+"\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125\004"
+"\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056\156"
+"\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157\162"
+"\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155\151"
+"\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003\125"
+"\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156\164"
+"\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145\144"
+"\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162\165"
+"\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123\145"
+"\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164\151"
+"\157\156\040\101\165\164\150\157\162\151\164\171\060\201\237\060"
+"\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201"
+"\215\000\060\201\211\002\201\201\000\307\301\137\116\161\361\316"
+"\360\140\206\017\322\130\177\323\063\227\055\027\242\165\060\265"
+"\226\144\046\057\150\303\104\253\250\165\346\000\147\064\127\236"
+"\145\307\042\233\163\346\323\335\010\016\067\125\252\045\106\201"
+"\154\275\376\250\366\165\127\127\214\220\154\112\303\076\213\113"
+"\103\012\311\021\126\232\232\047\042\231\317\125\236\141\331\002"
+"\342\174\266\174\070\007\334\343\177\117\232\271\003\101\200\266"
+"\165\147\023\013\237\350\127\066\310\135\000\066\336\146\024\332"
+"\156\166\037\117\067\214\202\023\211\002\003\001\000\001\243\202"
+"\001\244\060\202\001\240\060\021\006\011\140\206\110\001\206\370"
+"\102\001\001\004\004\003\002\000\007\060\201\343\006\003\125\035"
+"\037\004\201\333\060\201\330\060\201\325\240\201\322\240\201\317"
+"\244\201\314\060\201\311\061\024\060\022\006\003\125\004\012\023"
+"\013\105\156\164\162\165\163\164\056\156\145\164\061\077\060\075"
+"\006\003\125\004\013\024\066\167\167\167\056\145\156\164\162\165"
+"\163\164\056\156\145\164\057\123\123\114\137\103\120\123\040\151"
+"\156\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050"
+"\154\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060"
+"\043\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060"
+"\040\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155"
+"\151\164\145\144\061\072\060\070\006\003\125\004\003\023\061\105"
+"\156\164\162\165\163\164\056\156\145\164\040\123\145\143\165\162"
+"\145\040\123\145\162\166\145\162\040\103\145\162\164\151\146\151"
+"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
+"\061\015\060\013\006\003\125\004\003\023\004\103\122\114\061\060"
+"\053\006\003\125\035\020\004\044\060\042\200\017\062\060\060\060"
+"\060\062\060\064\061\067\062\060\060\060\132\201\017\062\060\062"
+"\060\060\062\060\064\061\067\065\060\060\060\132\060\013\006\003"
+"\125\035\017\004\004\003\002\001\006\060\037\006\003\125\035\043"
+"\004\030\060\026\200\024\313\154\300\153\343\273\076\313\374\042"
+"\234\376\373\213\222\234\260\362\156\042\060\035\006\003\125\035"
+"\016\004\026\004\024\313\154\300\153\343\273\076\313\374\042\234"
+"\376\373\213\222\234\260\362\156\042\060\014\006\003\125\035\023"
+"\004\005\060\003\001\001\377\060\035\006\011\052\206\110\206\366"
+"\175\007\101\000\004\020\060\016\033\010\126\065\056\060\072\064"
+"\056\060\003\002\004\220\060\015\006\011\052\206\110\206\367\015"
+"\001\001\004\005\000\003\201\201\000\142\333\201\221\316\310\232"
+"\167\102\057\354\275\047\243\123\017\120\033\352\116\222\360\251"
+"\257\251\240\272\110\141\313\357\311\006\357\037\325\364\356\337"
+"\126\055\346\312\152\031\163\252\123\276\222\263\120\002\266\205"
+"\046\162\143\330\165\120\142\165\024\267\263\120\032\077\312\021"
+"\000\013\205\105\151\155\266\245\256\121\341\112\334\202\077\154"
+"\214\064\262\167\153\331\002\366\177\016\352\145\004\361\315\124"
+"\312\272\311\314\340\204\367\310\076\021\227\323\140\011\030\274"
+"\005\377\154\211\063\360\354\025\017"
+, (PRUint32)1177 }
+};
+static const NSSItem nss_builtins_items_181 [] = {
+  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"Entrust.net Global Secure Server CA", (PRUint32)36 },
+  { (void *)"\211\071\127\156\027\215\367\005\170\017\314\136\310\117\204\366"
+"\045\072\110\223"
+, (PRUint32)20 },
+  { (void *)"\235\146\152\314\377\325\365\103\264\277\214\026\321\053\250\231"
+, (PRUint32)16 },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
+};
+static const NSSItem nss_builtins_items_182 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"Entrust.net Global Secure Personal CA", (PRUint32)38 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
+"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\107\103\103\101\137\103\120\123\040\151\156\143"
+"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
+"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
+"\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105"
+"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
+"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
+"\162\165\163\164\056\156\145\164\040\103\154\151\145\156\164\040"
+"\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165"
+"\164\150\157\162\151\164\171"
+, (PRUint32)183 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
+"\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
+"\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056"
+"\156\145\164\057\107\103\103\101\137\103\120\123\040\151\156\143"
+"\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151"
+"\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006"
+"\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105"
+"\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164"
+"\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164"
+"\162\165\163\164\056\156\145\164\040\103\154\151\145\156\164\040"
+"\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165"
+"\164\150\157\162\151\164\171"
+, (PRUint32)183 },
+  { (void *)"\070\236\366\344"
+, (PRUint32)4 },
+  { (void *)"\060\202\004\203\060\202\003\354\240\003\002\001\002\002\004\070"
+"\236\366\344\060\015\006\011\052\206\110\206\367\015\001\001\004"
+"\005\000\060\201\264\061\024\060\022\006\003\125\004\012\023\013"
+"\105\156\164\162\165\163\164\056\156\145\164\061\100\060\076\006"
+"\003\125\004\013\024\067\167\167\167\056\145\156\164\162\165\163"
+"\164\056\156\145\164\057\107\103\103\101\137\103\120\123\040\151"
+"\156\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050"
+"\154\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060"
+"\043\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060"
+"\040\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155"
+"\151\164\145\144\061\063\060\061\006\003\125\004\003\023\052\105"
+"\156\164\162\165\163\164\056\156\145\164\040\103\154\151\145\156"
+"\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040"
+"\101\165\164\150\157\162\151\164\171\060\036\027\015\060\060\060"
+"\062\060\067\061\066\061\066\064\060\132\027\015\062\060\060\062"
+"\060\067\061\066\064\066\064\060\132\060\201\264\061\024\060\022"
+"\006\003\125\004\012\023\013\105\156\164\162\165\163\164\056\156"
+"\145\164\061\100\060\076\006\003\125\004\013\024\067\167\167\167"
+"\056\145\156\164\162\165\163\164\056\156\145\164\057\107\103\103"
+"\101\137\103\120\123\040\151\156\143\157\162\160\056\040\142\171"
+"\040\162\145\146\056\040\050\154\151\155\151\164\163\040\154\151"
+"\141\142\056\051\061\045\060\043\006\003\125\004\013\023\034\050"
+"\143\051\040\062\060\060\060\040\105\156\164\162\165\163\164\056"
+"\156\145\164\040\114\151\155\151\164\145\144\061\063\060\061\006"
+"\003\125\004\003\023\052\105\156\164\162\165\163\164\056\156\145"
+"\164\040\103\154\151\145\156\164\040\103\145\162\164\151\146\151"
+"\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171"
+"\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001"
+"\005\000\003\201\215\000\060\201\211\002\201\201\000\223\164\264"
+"\266\344\305\113\326\241\150\177\142\325\354\367\121\127\263\162"
+"\112\230\365\320\211\311\255\143\315\115\065\121\152\204\324\255"
+"\311\150\171\157\270\353\021\333\207\256\134\044\121\023\361\124"
+"\045\204\257\051\053\237\343\200\342\331\313\335\306\105\111\064"
+"\210\220\136\001\227\357\352\123\246\335\374\301\336\113\052\045"
+"\344\351\065\372\125\005\006\345\211\172\352\244\021\127\073\374"
+"\174\075\066\315\147\065\155\244\251\045\131\275\146\365\371\047"
+"\344\225\147\326\077\222\200\136\362\064\175\053\205\002\003\001"
+"\000\001\243\202\001\236\060\202\001\232\060\021\006\011\140\206"
+"\110\001\206\370\102\001\001\004\004\003\002\000\007\060\201\335"
+"\006\003\125\035\037\004\201\325\060\201\322\060\201\317\240\201"
+"\314\240\201\311\244\201\306\060\201\303\061\024\060\022\006\003"
+"\125\004\012\023\013\105\156\164\162\165\163\164\056\156\145\164"
+"\061\100\060\076\006\003\125\004\013\024\067\167\167\167\056\145"
+"\156\164\162\165\163\164\056\156\145\164\057\107\103\103\101\137"
+"\103\120\123\040\151\156\143\157\162\160\056\040\142\171\040\162"
+"\145\146\056\040\050\154\151\155\151\164\163\040\154\151\141\142"
+"\056\051\061\045\060\043\006\003\125\004\013\023\034\050\143\051"
+"\040\062\060\060\060\040\105\156\164\162\165\163\164\056\156\145"
+"\164\040\114\151\155\151\164\145\144\061\063\060\061\006\003\125"
+"\004\003\023\052\105\156\164\162\165\163\164\056\156\145\164\040"
+"\103\154\151\145\156\164\040\103\145\162\164\151\146\151\143\141"
+"\164\151\157\156\040\101\165\164\150\157\162\151\164\171\061\015"
+"\060\013\006\003\125\004\003\023\004\103\122\114\061\060\053\006"
+"\003\125\035\020\004\044\060\042\200\017\062\060\060\060\060\062"
+"\060\067\061\066\061\066\064\060\132\201\017\062\060\062\060\060"
+"\062\060\067\061\066\064\066\064\060\132\060\013\006\003\125\035"
+"\017\004\004\003\002\001\006\060\037\006\003\125\035\043\004\030"
+"\060\026\200\024\204\213\164\375\305\215\300\377\047\155\040\067"
+"\105\174\376\055\316\272\323\175\060\035\006\003\125\035\016\004"
+"\026\004\024\204\213\164\375\305\215\300\377\047\155\040\067\105"
+"\174\376\055\316\272\323\175\060\014\006\003\125\035\023\004\005"
+"\060\003\001\001\377\060\035\006\011\052\206\110\206\366\175\007"
+"\101\000\004\020\060\016\033\010\126\065\056\060\072\064\056\060"
+"\003\002\004\220\060\015\006\011\052\206\110\206\367\015\001\001"
+"\004\005\000\003\201\201\000\116\157\065\200\073\321\212\365\016"
+"\247\040\313\055\145\125\320\222\364\347\204\265\006\046\203\022"
+"\204\013\254\073\262\104\356\275\317\100\333\040\016\272\156\024"
+"\352\060\340\073\142\174\177\213\153\174\112\247\325\065\074\276"
+"\250\134\352\113\273\223\216\200\146\253\017\051\375\115\055\277"
+"\032\233\012\220\305\253\332\321\263\206\324\057\044\122\134\172"
+"\155\306\362\376\345\115\032\060\214\220\362\272\327\112\076\103"
+"\176\324\310\120\032\207\370\117\201\307\166\013\204\072\162\235"
+"\316\145\146\227\256\046\136"
+, (PRUint32)1159 }
+};
+static const NSSItem nss_builtins_items_183 [] = {
+  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"Entrust.net Global Secure Personal CA", (PRUint32)38 },
+  { (void *)"\317\164\277\377\233\206\201\133\010\063\124\100\066\076\207\266"
+"\266\360\277\163"
+, (PRUint32)20 },
+  { (void *)"\232\167\031\030\355\226\317\337\033\267\016\365\215\271\210\056"
+, (PRUint32)16 },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
+};
 
 PR_IMPLEMENT_DATA(const builtinsInternalObject)
 nss_builtins_data[] = {
 #ifdef DEBUG
   { 7, nss_builtins_types_0, nss_builtins_items_0 },
 #endif /* DEBUG */
   { 5, nss_builtins_types_1, nss_builtins_items_1 },
   { 11, nss_builtins_types_2, nss_builtins_items_2 },
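Review bot: `nss_builtins_items_178` ("E-Certify RA") is not a self-signed root: its issuer DN ends in `E-Certify CA` while its subject DN ends in `E-Certify RA`, yet `nss_builtins_items_179` gives it its own trust object with all three values set to `ckt_netscape_trusted_delegator`. Since "E-Certify CA" is added as an anchor in this same hunk (`nss_builtins_items_176`/`_177`), the subordinate would presumably chain to it anyway, and anchoring it separately means it stays trusted even if the parent's trust is later removed. This table looks generated from certdata.txt, so either drop the separate trust object there or record the rationale in the source entry, e.g. `# Certificate "E-Certify RA" (subordinate, issued by "E-Certify CA"; anchored directly because <reason>)`. The two Entrust.net entries also carry the md5WithRSAEncryption signature OID and a 1024-bit RSA key with a notAfter in 2020, which is worth noting next to them for the next audit of the list.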
@@ -10100,16 +10403,20 @@ nss_builtins_data[] = {
   { 10, nss_builtins_types_171, nss_builtins_items_171 },
   { 11, nss_builtins_types_172, nss_builtins_items_172 },
   { 10, nss_builtins_types_173, nss_builtins_items_173 },
   { 11, nss_builtins_types_174, nss_builtins_items_174 },
   { 10, nss_builtins_types_175, nss_builtins_items_175 },
   { 11, nss_builtins_types_176, nss_builtins_items_176 },
   { 10, nss_builtins_types_177, nss_builtins_items_177 },
   { 11, nss_builtins_types_178, nss_builtins_items_178 },
-  { 10, nss_builtins_types_179, nss_builtins_items_179 }
+  { 10, nss_builtins_types_179, nss_builtins_items_179 },
+  { 11, nss_builtins_types_180, nss_builtins_items_180 },
+  { 10, nss_builtins_types_181, nss_builtins_items_181 },
+  { 11, nss_builtins_types_182, nss_builtins_items_182 },
+  { 10, nss_builtins_types_183, nss_builtins_items_183 }
 };
 PR_IMPLEMENT_DATA(const PRUint32)
 #ifdef DEBUG
-  nss_builtins_nObjects = 179+1;
+  nss_builtins_nObjects = 183+1;
 #else
-  nss_builtins_nObjects = 179;
+  nss_builtins_nObjects = 183;
 #endif /* DEBUG */
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -3225,176 +3225,16 @@ END
 CKA_CERT_MD5_HASH MULTILINE_OCTAL
 \167\336\004\224\167\320\014\137\247\261\364\060\030\207\373\125
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 
 #
-# Certificate "E-Certify Internet ID"
-#
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "E-Certify Internet ID"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061
-\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
-\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123
-\101\040\107\157\154\144\040\103\154\151\145\156\164\061\046\060
-\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146
-\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\103
-\154\151\145\156\164
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061
-\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
-\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123
-\101\040\107\157\154\144\040\103\154\151\145\156\164\061\046\060
-\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146
-\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\103
-\154\151\145\156\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\001\312\060\202\001\164\240\003\002\001\002\002\001\002
-\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060
-\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061\022
-\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164\151
-\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123\101
-\040\107\157\154\144\040\103\154\151\145\156\164\061\046\060\044
-\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146\171
-\040\122\123\101\040\065\061\062\040\107\157\154\144\040\103\154
-\151\145\156\164\060\036\027\015\071\070\061\060\061\066\061\063
-\063\064\060\070\132\027\015\060\063\061\060\061\066\061\063\063
-\064\060\070\132\060\143\061\013\060\011\006\003\125\004\006\023
-\002\103\101\061\022\060\020\006\003\125\004\012\023\011\105\055
-\103\145\162\164\151\146\171\061\030\060\026\006\003\125\004\013
-\023\017\122\123\101\040\107\157\154\144\040\103\154\151\145\156
-\164\061\046\060\044\006\003\125\004\003\023\035\105\055\103\145
-\162\164\151\146\171\040\122\123\101\040\065\061\062\040\107\157
-\154\144\040\103\154\151\145\156\164\060\134\060\015\006\011\052
-\206\110\206\367\015\001\001\001\005\000\003\113\000\060\110\002
-\101\000\160\011\304\365\211\211\115\310\243\362\300\037\344\175
-\360\374\172\310\202\314\146\011\305\051\323\135\010\324\351\350
-\377\137\031\300\373\334\252\217\060\014\076\332\205\167\117\170
-\300\317\075\126\311\263\365\203\226\110\356\220\237\254\016\002
-\316\071\002\003\001\000\001\243\023\060\021\060\017\006\003\125
-\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006\011
-\052\206\110\206\367\015\001\001\004\005\000\003\101\000\035\222
-\327\114\344\014\326\373\112\075\351\341\302\037\000\367\121\374
-\361\076\370\312\304\361\043\210\217\320\116\177\247\214\173\177
-\004\102\133\367\046\132\264\343\121\162\110\045\125\317\157\360
-\377\003\313\301\331\031\000\364\370\371\364\273\030\126
-END
-
-# Trust for Certificate "E-Certify Internet ID"
-CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "E-Certify Internet ID"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\077\065\017\377\111\047\260\141\105\312\101\073\101\244\215\235
-\044\315\125\035
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\374\012\336\152\227\076\143\333\122\302\131\003\010\060\141\042
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
-
-#
-# Certificate "E-Certify Commerce ID"
-#
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "E-Certify Commerce ID"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061
-\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
-\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123
-\101\040\107\157\154\144\040\123\145\162\166\145\162\061\046\060
-\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146
-\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\123
-\145\162\166\145\162
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061
-\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
-\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123
-\101\040\107\157\154\144\040\123\145\162\166\145\162\061\046\060
-\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146
-\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\123
-\145\162\166\145\162
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\001
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\001\312\060\202\001\164\240\003\002\001\002\002\001\001
-\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060
-\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061\022
-\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164\151
-\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123\101
-\040\107\157\154\144\040\123\145\162\166\145\162\061\046\060\044
-\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146\171
-\040\122\123\101\040\065\061\062\040\107\157\154\144\040\123\145
-\162\166\145\162\060\036\027\015\071\070\061\060\061\066\061\063
-\063\067\065\063\132\027\015\060\063\061\060\061\066\061\063\063
-\067\065\063\132\060\143\061\013\060\011\006\003\125\004\006\023
-\002\103\101\061\022\060\020\006\003\125\004\012\023\011\105\055
-\103\145\162\164\151\146\171\061\030\060\026\006\003\125\004\013
-\023\017\122\123\101\040\107\157\154\144\040\123\145\162\166\145
-\162\061\046\060\044\006\003\125\004\003\023\035\105\055\103\145
-\162\164\151\146\171\040\122\123\101\040\065\061\062\040\107\157
-\154\144\040\123\145\162\166\145\162\060\134\060\015\006\011\052
-\206\110\206\367\015\001\001\001\005\000\003\113\000\060\110\002
-\101\000\315\125\017\167\022\376\363\200\326\211\001\035\131\356
-\000\262\165\116\246\223\055\136\374\036\004\155\215\115\261\333
-\137\262\053\124\365\301\013\252\016\156\104\220\317\003\215\047
-\010\063\336\073\050\245\326\122\171\067\310\136\221\312\211\002
-\111\027\002\003\001\000\001\243\023\060\021\060\017\006\003\125
-\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006\011
-\052\206\110\206\367\015\001\001\004\005\000\003\101\000\164\365
-\045\172\071\347\203\020\377\011\173\160\316\054\326\166\341\117
-\174\064\172\210\005\060\362\007\213\021\244\071\215\164\173\246
-\373\172\346\340\006\055\316\160\161\033\230\104\112\023\274\365
-\267\026\213\174\211\264\022\023\032\344\321\016\163\052
-END
-
-# Trust for Certificate "E-Certify Commerce ID"
-CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "E-Certify Commerce ID"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\077\025\014\145\325\170\211\025\237\031\377\341\041\331\311\115
-\150\032\031\205
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\265\302\221\035\163\344\353\371\326\123\300\004\343\077\243\215
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_VALID
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
-
-#
 # Certificate "Verisign Class 1 Public Primary Certification Authority"
 #
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
@@ -10116,8 +9956,475 @@ CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \010\116\326\126
 END
 CKA_CERT_MD5_HASH MULTILINE_OCTAL
 \177\146\172\161\323\353\151\170\040\232\121\024\235\203\332\040
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+
+#
+# Certificate "E-Certify CA"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "E-Certify CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061
+\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
+\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104
+\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003
+\023\014\105\055\103\145\162\164\151\146\171\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061
+\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
+\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104
+\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003
+\023\014\105\055\103\145\162\164\151\146\171\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\001\115\105\234
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\071\060\202\002\041\240\003\002\001\002\002\004\001
+\115\105\234\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\114\061\013\060\011\006\003\125\004\006\023\002\143
+\141\061\022\060\020\006\003\125\004\012\023\011\105\055\103\145
+\162\164\151\146\171\061\022\060\020\006\003\125\004\013\023\011
+\111\104\040\103\145\156\164\145\162\061\025\060\023\006\003\125
+\004\003\023\014\105\055\103\145\162\164\151\146\171\040\103\101
+\060\036\027\015\071\071\060\071\062\070\061\066\064\070\062\071
+\132\027\015\060\064\060\071\062\070\061\066\064\070\062\071\132
+\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061
+\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
+\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104
+\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003
+\023\014\105\055\103\145\162\164\151\146\171\040\103\101\060\202
+\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\272
+\233\246\161\200\125\164\111\051\125\166\033\307\066\225\060\054
+\062\011\121\356\060\244\153\150\207\107\330\050\012\027\177\157
+\250\232\040\266\253\001\322\256\240\105\106\065\002\002\374\332
+\340\040\162\012\063\015\223\160\270\004\220\111\371\150\070\273
+\015\021\156\071\135\130\172\306\043\146\351\273\027\062\046\350
+\354\022\150\207\051\314\271\345\117\314\210\033\355\225\161\241
+\123\042\056\355\203\134\376\062\127\114\122\123\070\341\025\155
+\000\125\111\207\044\313\344\026\110\270\231\345\332\172\337\243
+\205\230\164\302\371\253\153\111\315\377\102\315\270\055\264\200
+\313\114\172\065\374\220\277\115\323\000\355\317\214\377\117\071
+\373\172\170\360\016\015\111\177\123\076\024\233\046\250\252\311
+\273\341\321\033\335\034\060\257\001\346\233\046\006\144\274\357
+\130\114\132\105\225\120\304\054\076\164\130\351\074\257\373\303
+\253\122\004\332\044\362\261\304\366\133\323\110\340\301\204\060
+\174\321\165\077\344\123\163\135\211\330\356\100\117\011\227\227
+\205\143\215\325\240\256\206\203\153\333\124\150\136\350\113\002
+\003\001\000\001\243\043\060\041\060\014\006\003\125\035\023\004
+\005\060\003\001\001\377\060\021\006\011\140\206\110\001\206\370
+\102\001\001\004\004\003\002\000\007\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\163\076\031
+\174\330\126\321\305\377\012\235\347\266\315\227\363\247\341\101
+\310\176\202\065\377\233\226\322\013\357\161\362\020\345\104\313
+\222\350\016\132\346\076\304\364\225\151\002\274\013\126\200\271
+\161\027\143\036\101\111\052\065\352\034\325\144\253\111\355\013
+\076\213\124\241\115\050\150\352\275\267\201\077\065\171\202\367
+\064\274\171\210\045\236\200\347\317\250\025\257\362\341\025\053
+\007\121\340\324\215\112\112\003\300\042\053\271\150\112\200\303
+\250\205\010\325\247\052\275\313\247\143\175\243\260\312\126\140
+\154\105\341\312\277\024\122\012\302\305\145\354\241\075\037\100
+\371\120\132\344\064\012\157\302\164\254\174\314\047\352\343\207
+\245\123\310\336\174\076\135\102\122\132\353\005\150\246\030\062
+\140\040\170\153\160\024\140\041\202\011\075\036\126\300\025\141
+\000\121\145\262\061\022\371\306\112\006\274\137\364\071\037\166
+\232\211\170\351\066\202\332\265\157\213\177\211\265\114\367\145
+\030\134\201\363\356\120\326\335\354\151\110\237\053\265\336\076
+\275\372\274\154\153\147\123\233\261\223\271\221\106
+END
+
+# Trust for Certificate "E-Certify CA"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "E-Certify CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\133\330\153\206\375\275\330\206\371\233\310\120\106\350\052\112
+\211\152\317\357
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\256\065\177\222\227\106\174\217\023\051\341\333\236\102\145\152
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+
+#
+# Certificate "E-Certify RA"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "E-Certify RA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061
+\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
+\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104
+\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003
+\023\014\105\055\103\145\162\164\151\146\171\040\122\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061
+\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
+\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104
+\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003
+\023\014\105\055\103\145\162\164\151\146\171\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\001\117\353\020
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\071\060\202\002\041\240\003\002\001\002\002\004\001
+\117\353\020\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\114\061\013\060\011\006\003\125\004\006\023\002\143
+\141\061\022\060\020\006\003\125\004\012\023\011\105\055\103\145
+\162\164\151\146\171\061\022\060\020\006\003\125\004\013\023\011
+\111\104\040\103\145\156\164\145\162\061\025\060\023\006\003\125
+\004\003\023\014\105\055\103\145\162\164\151\146\171\040\103\101
+\060\036\027\015\071\071\060\071\063\060\061\066\065\070\065\067
+\132\027\015\060\064\060\071\062\067\061\066\065\070\065\067\132
+\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061
+\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
+\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104
+\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003
+\023\014\105\055\103\145\162\164\151\146\171\040\122\101\060\202
+\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\334
+\260\267\045\373\356\014\272\330\243\162\104\017\052\243\343\110
+\004\321\364\060\164\006\010\016\137\067\307\066\267\202\232\045
+\113\254\153\111\231\000\033\027\362\360\337\027\027\351\355\040
+\152\024\153\375\311\314\017\346\014\153\206\345\365\244\372\333
+\005\052\000\310\015\352\252\145\100\066\312\363\345\165\071\216
+\334\146\333\104\034\236\303\213\103\070\313\274\360\232\311\331
+\312\067\023\312\122\301\055\351\107\040\345\314\044\170\340\346
+\033\114\270\322\124\202\155\016\271\041\140\357\174\264\000\373
+\122\304\057\012\367\004\116\204\057\337\030\254\143\006\040\335
+\332\261\201\301\341\255\177\030\210\167\363\353\370\255\317\172
+\020\120\126\171\236\124\317\336\034\233\327\102\224\341\317\325
+\154\365\136\075\315\345\147\023\073\232\315\072\142\204\371\141
+\036\155\325\130\216\331\371\255\052\076\226\361\355\252\177\020
+\356\366\000\205\074\261\005\013\064\321\134\142\340\215\022\256
+\275\114\124\300\342\274\144\161\140\145\206\306\331\204\253\130
+\140\152\061\156\175\117\261\210\242\376\024\114\072\214\373\002
+\003\001\000\001\243\043\060\041\060\014\006\003\125\035\023\004
+\005\060\003\001\001\377\060\021\006\011\140\206\110\001\206\370
+\102\001\001\004\004\003\002\000\007\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\255\030\200
+\317\060\274\073\350\362\002\025\127\075\350\114\143\346\356\062
+\243\177\345\001\360\047\271\052\331\301\250\236\043\036\107\231
+\327\056\104\113\024\313\320\275\046\144\003\362\006\217\237\327
+\110\250\161\153\026\064\305\076\265\171\230\263\346\340\320\070
+\021\231\244\021\173\343\071\245\015\077\235\325\322\305\172\057
+\352\104\024\315\020\116\240\064\263\153\211\137\360\256\237\315
+\123\325\176\172\120\045\000\041\244\155\351\310\161\000\373\255
+\064\027\110\042\356\247\050\154\206\162\333\371\233\206\104\170
+\136\005\351\150\064\060\241\025\145\301\251\332\236\135\236\043
+\106\116\052\346\116\263\114\237\314\106\010\230\034\074\103\237
+\264\316\240\140\357\044\316\116\037\350\302\251\162\273\057\332
+\102\006\041\360\232\345\170\107\054\010\164\120\150\140\375\205
+\302\373\257\112\222\361\204\235\000\152\310\126\041\216\157\301
+\061\313\121\354\166\165\172\337\001\016\162\150\241\362\046\216
+\331\270\306\243\144\122\372\155\373\112\075\132\135\270\124\224
+\355\125\150\145\235\077\122\114\106\222\026\013\276
+END
+
+# Trust for Certificate "E-Certify RA"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "E-Certify RA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\217\051\011\013\006\302\070\314\160\305\251\355\227\147\210\315
+\066\332\335\131
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\245\273\012\243\320\307\124\025\130\336\153\122\020\121\272\050
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+
+#
+# Certificate "Entrust.net Global Secure Server CA"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust.net Global Secure Server CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125
+\004\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157
+\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155
+\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003
+\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156
+\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145
+\144\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162
+\165\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123
+\145\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125
+\004\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157
+\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155
+\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003
+\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156
+\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145
+\144\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162
+\165\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123
+\145\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\070\233\021\074
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\225\060\202\003\376\240\003\002\001\002\002\004\070
+\233\021\074\060\015\006\011\052\206\110\206\367\015\001\001\004
+\005\000\060\201\272\061\024\060\022\006\003\125\004\012\023\013
+\105\156\164\162\165\163\164\056\156\145\164\061\077\060\075\006
+\003\125\004\013\024\066\167\167\167\056\145\156\164\162\165\163
+\164\056\156\145\164\057\123\123\114\137\103\120\123\040\151\156
+\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154
+\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043
+\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040
+\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151
+\164\145\144\061\072\060\070\006\003\125\004\003\023\061\105\156
+\164\162\165\163\164\056\156\145\164\040\123\145\143\165\162\145
+\040\123\145\162\166\145\162\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060
+\036\027\015\060\060\060\062\060\064\061\067\062\060\060\060\132
+\027\015\062\060\060\062\060\064\061\067\065\060\060\060\132\060
+\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156\164
+\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125\004
+\013\024\066\167\167\167\056\145\156\164\162\165\163\164\056\156
+\145\164\057\123\123\114\137\103\120\123\040\151\156\143\157\162
+\160\056\040\142\171\040\162\145\146\056\040\050\154\151\155\151
+\164\163\040\154\151\141\142\056\051\061\045\060\043\006\003\125
+\004\013\023\034\050\143\051\040\062\060\060\060\040\105\156\164
+\162\165\163\164\056\156\145\164\040\114\151\155\151\164\145\144
+\061\072\060\070\006\003\125\004\003\023\061\105\156\164\162\165
+\163\164\056\156\145\164\040\123\145\143\165\162\145\040\123\145
+\162\166\145\162\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\060\201\237\060
+\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201
+\215\000\060\201\211\002\201\201\000\307\301\137\116\161\361\316
+\360\140\206\017\322\130\177\323\063\227\055\027\242\165\060\265
+\226\144\046\057\150\303\104\253\250\165\346\000\147\064\127\236
+\145\307\042\233\163\346\323\335\010\016\067\125\252\045\106\201
+\154\275\376\250\366\165\127\127\214\220\154\112\303\076\213\113
+\103\012\311\021\126\232\232\047\042\231\317\125\236\141\331\002
+\342\174\266\174\070\007\334\343\177\117\232\271\003\101\200\266
+\165\147\023\013\237\350\127\066\310\135\000\066\336\146\024\332
+\156\166\037\117\067\214\202\023\211\002\003\001\000\001\243\202
+\001\244\060\202\001\240\060\021\006\011\140\206\110\001\206\370
+\102\001\001\004\004\003\002\000\007\060\201\343\006\003\125\035
+\037\004\201\333\060\201\330\060\201\325\240\201\322\240\201\317
+\244\201\314\060\201\311\061\024\060\022\006\003\125\004\012\023
+\013\105\156\164\162\165\163\164\056\156\145\164\061\077\060\075
+\006\003\125\004\013\024\066\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\123\123\114\137\103\120\123\040\151
+\156\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050
+\154\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060
+\043\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060
+\040\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155
+\151\164\145\144\061\072\060\070\006\003\125\004\003\023\061\105
+\156\164\162\165\163\164\056\156\145\164\040\123\145\143\165\162
+\145\040\123\145\162\166\145\162\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\061\015\060\013\006\003\125\004\003\023\004\103\122\114\061\060
+\053\006\003\125\035\020\004\044\060\042\200\017\062\060\060\060
+\060\062\060\064\061\067\062\060\060\060\132\201\017\062\060\062
+\060\060\062\060\064\061\067\065\060\060\060\132\060\013\006\003
+\125\035\017\004\004\003\002\001\006\060\037\006\003\125\035\043
+\004\030\060\026\200\024\313\154\300\153\343\273\076\313\374\042
+\234\376\373\213\222\234\260\362\156\042\060\035\006\003\125\035
+\016\004\026\004\024\313\154\300\153\343\273\076\313\374\042\234
+\376\373\213\222\234\260\362\156\042\060\014\006\003\125\035\023
+\004\005\060\003\001\001\377\060\035\006\011\052\206\110\206\366
+\175\007\101\000\004\020\060\016\033\010\126\065\056\060\072\064
+\056\060\003\002\004\220\060\015\006\011\052\206\110\206\367\015
+\001\001\004\005\000\003\201\201\000\142\333\201\221\316\310\232
+\167\102\057\354\275\047\243\123\017\120\033\352\116\222\360\251
+\257\251\240\272\110\141\313\357\311\006\357\037\325\364\356\337
+\126\055\346\312\152\031\163\252\123\276\222\263\120\002\266\205
+\046\162\143\330\165\120\142\165\024\267\263\120\032\077\312\021
+\000\013\205\105\151\155\266\245\256\121\341\112\334\202\077\154
+\214\064\262\167\153\331\002\366\177\016\352\145\004\361\315\124
+\312\272\311\314\340\204\367\310\076\021\227\323\140\011\030\274
+\005\377\154\211\063\360\354\025\017
+END
+
+# Trust for Certificate "Entrust.net Global Secure Server CA"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust.net Global Secure Server CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\211\071\127\156\027\215\367\005\170\017\314\136\310\117\204\366
+\045\072\110\223
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\235\146\152\314\377\325\365\103\264\277\214\026\321\053\250\231
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+
+#
+# Certificate "Entrust.net Global Secure Personal CA"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust.net Global Secure Personal CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\107\103\103\101\137\103\120\123\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\154\151\145\156\164\040
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165
+\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\107\103\103\101\137\103\120\123\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\062\060\060\060\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\154\151\145\156\164\040
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165
+\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\070\236\366\344
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\203\060\202\003\354\240\003\002\001\002\002\004\070
+\236\366\344\060\015\006\011\052\206\110\206\367\015\001\001\004
+\005\000\060\201\264\061\024\060\022\006\003\125\004\012\023\013
+\105\156\164\162\165\163\164\056\156\145\164\061\100\060\076\006
+\003\125\004\013\024\067\167\167\167\056\145\156\164\162\165\163
+\164\056\156\145\164\057\107\103\103\101\137\103\120\123\040\151
+\156\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050
+\154\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060
+\043\006\003\125\004\013\023\034\050\143\051\040\062\060\060\060
+\040\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155
+\151\164\145\144\061\063\060\061\006\003\125\004\003\023\052\105
+\156\164\162\165\163\164\056\156\145\164\040\103\154\151\145\156
+\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\101\165\164\150\157\162\151\164\171\060\036\027\015\060\060\060
+\062\060\067\061\066\061\066\064\060\132\027\015\062\060\060\062
+\060\067\061\066\064\066\064\060\132\060\201\264\061\024\060\022
+\006\003\125\004\012\023\013\105\156\164\162\165\163\164\056\156
+\145\164\061\100\060\076\006\003\125\004\013\024\067\167\167\167
+\056\145\156\164\162\165\163\164\056\156\145\164\057\107\103\103
+\101\137\103\120\123\040\151\156\143\157\162\160\056\040\142\171
+\040\162\145\146\056\040\050\154\151\155\151\164\163\040\154\151
+\141\142\056\051\061\045\060\043\006\003\125\004\013\023\034\050
+\143\051\040\062\060\060\060\040\105\156\164\162\165\163\164\056
+\156\145\164\040\114\151\155\151\164\145\144\061\063\060\061\006
+\003\125\004\003\023\052\105\156\164\162\165\163\164\056\156\145
+\164\040\103\154\151\145\156\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\201\215\000\060\201\211\002\201\201\000\223\164\264
+\266\344\305\113\326\241\150\177\142\325\354\367\121\127\263\162
+\112\230\365\320\211\311\255\143\315\115\065\121\152\204\324\255
+\311\150\171\157\270\353\021\333\207\256\134\044\121\023\361\124
+\045\204\257\051\053\237\343\200\342\331\313\335\306\105\111\064
+\210\220\136\001\227\357\352\123\246\335\374\301\336\113\052\045
+\344\351\065\372\125\005\006\345\211\172\352\244\021\127\073\374
+\174\075\066\315\147\065\155\244\251\045\131\275\146\365\371\047
+\344\225\147\326\077\222\200\136\362\064\175\053\205\002\003\001
+\000\001\243\202\001\236\060\202\001\232\060\021\006\011\140\206
+\110\001\206\370\102\001\001\004\004\003\002\000\007\060\201\335
+\006\003\125\035\037\004\201\325\060\201\322\060\201\317\240\201
+\314\240\201\311\244\201\306\060\201\303\061\024\060\022\006\003
+\125\004\012\023\013\105\156\164\162\165\163\164\056\156\145\164
+\061\100\060\076\006\003\125\004\013\024\067\167\167\167\056\145
+\156\164\162\165\163\164\056\156\145\164\057\107\103\103\101\137
+\103\120\123\040\151\156\143\157\162\160\056\040\142\171\040\162
+\145\146\056\040\050\154\151\155\151\164\163\040\154\151\141\142
+\056\051\061\045\060\043\006\003\125\004\013\023\034\050\143\051
+\040\062\060\060\060\040\105\156\164\162\165\163\164\056\156\145
+\164\040\114\151\155\151\164\145\144\061\063\060\061\006\003\125
+\004\003\023\052\105\156\164\162\165\163\164\056\156\145\164\040
+\103\154\151\145\156\164\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\061\015
+\060\013\006\003\125\004\003\023\004\103\122\114\061\060\053\006
+\003\125\035\020\004\044\060\042\200\017\062\060\060\060\060\062
+\060\067\061\066\061\066\064\060\132\201\017\062\060\062\060\060
+\062\060\067\061\066\064\066\064\060\132\060\013\006\003\125\035
+\017\004\004\003\002\001\006\060\037\006\003\125\035\043\004\030
+\060\026\200\024\204\213\164\375\305\215\300\377\047\155\040\067
+\105\174\376\055\316\272\323\175\060\035\006\003\125\035\016\004
+\026\004\024\204\213\164\375\305\215\300\377\047\155\040\067\105
+\174\376\055\316\272\323\175\060\014\006\003\125\035\023\004\005
+\060\003\001\001\377\060\035\006\011\052\206\110\206\366\175\007
+\101\000\004\020\060\016\033\010\126\065\056\060\072\064\056\060
+\003\002\004\220\060\015\006\011\052\206\110\206\367\015\001\001
+\004\005\000\003\201\201\000\116\157\065\200\073\321\212\365\016
+\247\040\313\055\145\125\320\222\364\347\204\265\006\046\203\022
+\204\013\254\073\262\104\356\275\317\100\333\040\016\272\156\024
+\352\060\340\073\142\174\177\213\153\174\112\247\325\065\074\276
+\250\134\352\113\273\223\216\200\146\253\017\051\375\115\055\277
+\032\233\012\220\305\253\332\321\263\206\324\057\044\122\134\172
+\155\306\362\376\345\115\032\060\214\220\362\272\327\112\076\103
+\176\324\310\120\032\207\370\117\201\307\166\013\204\072\162\235
+\316\145\146\227\256\046\136
+END
+
+# Trust for Certificate "Entrust.net Global Secure Personal CA"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust.net Global Secure Personal CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\317\164\277\377\233\206\201\133\010\063\124\100\066\076\207\266
+\266\360\277\163
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\232\167\031\030\355\226\317\337\033\267\016\365\215\271\210\056
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
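Review bot: All four trust records added in this hunk ("E-Certify CA", "E-Certify RA", "Entrust.net Global Secure Server CA", "Entrust.net Global Secure Personal CA") set `CKA_TRUST_SERVER_AUTH`, `CKA_TRUST_EMAIL_PROTECTION` and `CKA_TRUST_CODE_SIGNING` to `CKT_NETSCAPE_TRUSTED_DELEGATOR`, whereas the E-Certify records removed earlier in this file limited each root to a single purpose and marked the others `CKT_NETSCAPE_VALID`. If purpose-scoped trust is still intended, the server root would carry e.g. `CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID` and the personal root `CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID`, with the matching `ckt_netscape_trusted_delegator` items in certdata.c changed the same way. Separately, the `CKA_ISSUER` bytes of "E-Certify RA" are the subject of "E-Certify CA" rather than its own subject, so a CA-issued certificate is being installed as an independent anchor. A `#` comment above that block saying why it needs its own trust record would help later audits of the root list.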
--- a/security/nss/lib/crmf/asn1cmn.c
+++ b/security/nss/lib/crmf/asn1cmn.c
@@ -57,17 +57,18 @@ static const SEC_ASN1Template CMMFCertOr
 
 const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertifiedKeyPair)},
     { SEC_ASN1_INLINE, offsetof(CMMFCertifiedKeyPair, certOrEncCert),
       CMMFCertOrEncCertTemplate },
     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0,
       offsetof(CMMFCertifiedKeyPair, privateKey),
       CRMFEncryptedValueTemplate},
-    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+    { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 
+      SEC_ASN1_XTRN | 1,
       offsetof (CMMFCertifiedKeyPair, derPublicationInfo),
       SEC_ASN1_SUB(SEC_AnyTemplate) },
     { 0 }
 };
 
 const SEC_ASN1Template CMMFPKIStatusInfoTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFPKIStatusInfo)},
     { SEC_ASN1_INTEGER, offsetof(CMMFPKIStatusInfo, status)},
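Review bot: The `SEC_ASN1_NO_STREAM` bit added to the `derPublicationInfo` entry has no comment saying why this optional, context-tagged field must not be streamed. The same bare flag is added to seven entries in crmftmpl.c (`notBefore`, `notAfter`, `issuerUID`, `subjectUID`, `derInput`, `encSymmKey`, `valueHint`). If the intent is to keep the decoder from treating an optional sub-template as a streaming entry, a one-line comment at the first use, e.g. `/* NO_STREAM: optional field, must be decoded whole, never as a streamed sub-template */`, would stop a later maintainer from dropping it or omitting it on a new sibling field.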
--- a/security/nss/lib/crmf/crmftmpl.c
+++ b/security/nss/lib/crmf/crmftmpl.c
@@ -68,21 +68,21 @@ static const SEC_ASN1Template CRMFCertEx
 };
 
 static const SEC_ASN1Template CRMFSequenceOfCertExtensionTemplate[] = {
     { SEC_ASN1_SEQUENCE_OF, 0, CRMFCertExtensionTemplate }
 };
 
 static const SEC_ASN1Template CRMFOptionalValidityTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFOptionalValidity) },
-    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_NO_STREAM |
       SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 0, 
       offsetof (CRMFOptionalValidity, notBefore),
       SEC_ASN1_SUB(SEC_UTCTimeTemplate) },
-    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_NO_STREAM |
       SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1, 
       offsetof (CRMFOptionalValidity, notAfter),
       SEC_ASN1_SUB(SEC_UTCTimeTemplate) },
     { 0 }
 };
 
 static const SEC_ASN1Template crmfPointerToNameTemplate[] = {
     { SEC_ASN1_POINTER, 0, CERT_NameTemplate},
@@ -108,20 +108,22 @@ static const SEC_ASN1Template CRMFCertTe
      offsetof (CRMFCertTemplate, validity), 
      CRMFOptionalValidityTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 
      SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 5, 
      offsetof (CRMFCertTemplate, subject), crmfPointerToNameTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 6, 
      offsetof (CRMFCertTemplate, publicKey), 
      CERT_SubjectPublicKeyInfoTemplate }, 
-   { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 7,
+   { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 
+     SEC_ASN1_XTRN | 7,
      offsetof (CRMFCertTemplate, issuerUID), 
      SEC_ASN1_SUB(SEC_BitStringTemplate) },
-   { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 8,
+   { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
+     SEC_ASN1_XTRN | 8,
      offsetof (CRMFCertTemplate, subjectUID), 
      SEC_ASN1_SUB(SEC_BitStringTemplate) },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | 
      SEC_ASN1_CONTEXT_SPECIFIC | 9, 
      offsetof (CRMFCertTemplate, extensions), 
      CRMFSequenceOfCertExtensionTemplate },
    { 0 }
 };
@@ -179,17 +181,18 @@ const SEC_ASN1Template CRMFRAVerifiedTem
       SEC_NullTemplate },
     { 0 }
 };
 
 
 /* This template will need to add POPOSigningKeyInput eventually, maybe*/
 static const SEC_ASN1Template crmfPOPOSigningKeyTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPOPOSigningKey) },
-    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+    { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 
+      SEC_ASN1_XTRN | 0,
       offsetof(CRMFPOPOSigningKey, derInput), 
       SEC_ASN1_SUB(SEC_AnyTemplate) },
     { SEC_ASN1_POINTER | SEC_ASN1_XTRN, 
       offsetof(CRMFPOPOSigningKey, algorithmIdentifier),
       SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
     { SEC_ASN1_BIT_STRING | SEC_ASN1_XTRN, 
       offsetof(CRMFPOPOSigningKey, signature),
       SEC_ASN1_SUB(SEC_BitStringTemplate) },
@@ -245,24 +248,26 @@ const SEC_ASN1Template CRMFEncryptedValu
     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 
       SEC_ASN1_XTRN | 0,
       offsetof(CRMFEncryptedValue, intendedAlg), 
       SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 
       SEC_ASN1_XTRN | 1,
       offsetof (CRMFEncryptedValue, symmAlg), 
       SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
-    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 2, 
+    { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 
+      SEC_ASN1_XTRN | 2, 
       offsetof(CRMFEncryptedValue, encSymmKey), 
       SEC_ASN1_SUB(SEC_BitStringTemplate) },
     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 
       SEC_ASN1_XTRN | 3,
       offsetof(CRMFEncryptedValue, keyAlg), 
       SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
-    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 4,
+    { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 
+      SEC_ASN1_XTRN | 4,
       offsetof(CRMFEncryptedValue, valueHint),
       SEC_ASN1_SUB(SEC_OctetStringTemplate) },
     { SEC_ASN1_BIT_STRING, offsetof(CRMFEncryptedValue, encValue) },
     { 0 }
 };
 
 const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate [] = {
     { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 
--- a/security/nss/lib/freebl/Makefile
+++ b/security/nss/lib/freebl/Makefile
@@ -131,17 +131,17 @@ endif
 endif
 endif
 endif
 
 # Note: -xarch=v8 or v9 is now done in coreconf
 ifeq ($(OS_TARGET),SunOS)
 ifeq ($(CPU_ARCH),sparc)
 ifndef NS_USE_GCC
-ifndef USE_PURE_32
+ifdef USE_HYBRID
     OS_CFLAGS += -xchip=ultra2
 endif
 endif
 ifeq ($(OS_RELEASE),5.5.1)
     SYSV_SPARC = 1
 endif
 ifeq ($(OS_RELEASE),5.6)
     SYSV_SPARC = 1
--- a/security/nss/lib/freebl/mpi/mpprime.c
+++ b/security/nss/lib/freebl/mpi/mpprime.c
@@ -475,32 +475,32 @@ mp_err mpp_make_prime(mp_int *start, mp_
     --nBits;
   MP_CHECKOK( mpl_set_bit(start, nBits - 1, 1) );
   MP_CHECKOK( mpl_set_bit(start,         0, 1) );
   for (i = mpl_significant_bits(start) - 1; i >= nBits; --i) {
     MP_CHECKOK( mpl_set_bit(start, i, 0) );
   }
   /* start sieveing with prime value of 3. */
   MP_CHECKOK(mpp_sieve(start, prime_tab + 1, prime_tab_size - 1, 
-		       sieve, sizeof sieve) );
+		       sieve, SIEVE_SIZE) );
 
 #ifdef DEBUG_SIEVE
   res = 0;
-  for (i = 0; i < sizeof sieve; ++i) {
+  for (i = 0; i < SIEVE_SIZE; ++i) {
     if (!sieve[i])
       ++res;
   }
   fprintf(stderr,"sieve found %d potential primes.\n", res);
 #define FPUTC(x,y) fputc(x,y)
 #else
 #define FPUTC(x,y) 
 #endif
 
   res = MP_NO;
-  for(i = 0; i < sizeof sieve; ++i) {
+  for(i = 0; i < SIEVE_SIZE; ++i) {
     if (sieve[i])	/* this number is composite */
       continue;
     MP_CHECKOK( mp_add_d(start, 2 * i, &trial) );
     FPUTC('.', stderr);
     /* run a Fermat test */
     res = mpp_fermat(&trial, 2);
     if (res != MP_OKAY) {
       if (res == MP_NO)
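Review bot: The length handed to `mpp_sieve` and both loop bounds now come from `SIEVE_SIZE` instead of from the object itself, so they are only correct while the storage behind `sieve` is exactly `SIEVE_SIZE` bytes; its declaration or allocation is outside this hunk. If `sieve` is now heap-allocated, the allocation should be checked before this point and released on the exit path. A comment at the declaration such as `/* must stay SIEVE_SIZE bytes: mpp_sieve and the trial loop index it */` would keep the two in step. `mpp_make_prime` begins and ends outside the hunk.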
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -454,18 +454,22 @@ CERT_AddRDN;
 CERT_CreateRDN;
 CERT_CreateAVA;
 CERT_CreateName;
 ;+    local:
 ;+       *;
 ;+};
 ;+NSS_3.3 { 	# NSS 3.3. release
 ;+    global:
+CERT_CheckCertUsage;
+CERT_FindCertIssuer;
+PK11_GetModule;
 SECKEY_CreateDHPrivateKey;
-CERT_CheckCertUsage;
+SECKEY_GetPublicKeyType;
+SECMOD_AddNewModule;
 ;+#
 ;+# The following symbols are exported only to make JSS work.
 ;+# These are still private!!!
 ;+#
 CERT_DisableOCSPChecking;
 CERT_DisableOCSPDefaultResponder;
 CERT_EnableOCSPDefaultResponder;
 CERT_GetCertTimes;
@@ -476,70 +480,81 @@ CERT_IsCADERCert;
 CERT_SetOCSPDefaultResponder;
 PBE_CreateContext;
 PBE_DestroyContext;
 PBE_GenerateBits;
 PK11_CheckSSOPassword;
 PK11_CopySymKeyForSigning;
 PK11_DeleteTokenCertAndKey;
 PK11_DEREncodePublicKey;
+PK11_ExtractKeyValue;
 PK11_FindCertsFromNickname;
 PK11_FindKeyByKeyID;
 PK11_GetIVLength;
 PK11_GetKeyData;
 PK11_GetKeyType;
 PK11_GetLowLevelKeyIDForCert;
 PK11_GetLowLevelKeyIDForPrivateKey;
+PK11_GetSlotPWValues;
 PK11_ImportCertForKey;
 PK11_ImportDERCertForKey;
 PK11_ImportDERPrivateKeyInfo;
+PK11_ImportSymKey;
 PK11_IsLoggedIn;
 PK11_KeyForDERCertExists;
 PK11_KeyForCertExists;
+PK11_ListPrivateKeysInSlot;
+PK11_ListCertsInSlot;
 PK11_Logout;
 PK11_NeedPWInit;
 PK11_MakeIDFromPubKey;
 PK11_PQG_DestroyParams;
 PK11_PQG_DestroyVerify;
 PK11_PQG_GetBaseFromParams;
 PK11_PQG_GetCounterFromVerify;
 PK11_PQG_GetHFromVerify;
 PK11_PQG_GetPrimeFromParams;
 PK11_PQG_GetSeedFromVerify;
 PK11_PQG_GetSubPrimeFromParams;
 PK11_PQG_NewParams;
 PK11_PQG_NewVerify;
 PK11_PQG_ParamGen;
 PK11_PQG_ParamGenSeedLen;
 PK11_PQG_VerifyParams;
+PK11_ReferenceSlot;
 PK11_SeedRandom;
 PK11_UnwrapPrivKey;
 PK11_VerifyRecover;
 PK11_WrapPrivKey;
-PK11_ReferenceSlot;
-PK11_GetSlotPWValues;
-PK11_ImportSymKey;
-PK11_ExtractKeyValue;
 SEC_CertNicknameConflict;
+SEC_PKCS5GetIV;
 SECMOD_DeleteInternalModule;
 SECMOD_DestroyModule;
 SECMOD_GetDefaultModuleList;
 SECMOD_GetDefaultModuleListLock;
 SECMOD_GetInternalModule;
 SECMOD_GetReadLock;
 SECMOD_ReferenceModule;
 SECMOD_ReleaseReadLock;
-SECKEY_GetPrivateKeyType;
+SECKEY_AddPrivateKeyToListTail;
 SECKEY_EncodeDERSubjectPublicKeyInfo;
 SECKEY_ExtractPublicKey;
+SECKEY_DestroyPrivateKeyList;
+SECKEY_GetPrivateKeyType;
 SECKEY_HashPassword;
 SECKEY_ImportDERPublicKey;
 SECKEY_NewPrivateKeyList;
-SECKEY_DestroyPrivateKeyList;
 SECKEY_RemovePrivateKeyListNode;
-SECKEY_AddPrivateKeyToListTail;
-SEC_PKCS5GetIV;
-PK11_ListPrivateKeysInSlot;
-PK11_ListCertsInSlot;
 VFY_EndWithSignature;
 ;+    local:
 ;+       *;
 ;+};
+;+NSS_3.3.1 { 	# NSS 3.3.1 release
+;+    global:
+;+#
+;+# The following symbols are exported only to make libsmime3.so work. 
+;+# These are still private!!!
+;+#
+PK11_CreatePBEParams;
+PK11_DestroyPBEParams;
+;+    local:
+;+       *;
+;+};
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -44,20 +44,20 @@ SEC_BEGIN_PROTOS
 
 /*
  * NSS's major version, minor version, patch level, and whether
  * this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>] [<Beta>]"
  */
-#define NSS_VERSION  "3.3 Beta"
+#define NSS_VERSION  "3.3.2 Beta"
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   3
-#define NSS_VPATCH   0
+#define NSS_VPATCH   2
 #define NSS_BETA     PR_TRUE
 
 
 /*
  * Return a boolean that indicates whether the underlying library
  * will perform as the caller expects.
  *
  * The only argument is a string, which should be the verson
--- a/security/nss/lib/pk11wrap/pk11db.c
+++ b/security/nss/lib/pk11wrap/pk11db.c
@@ -104,26 +104,27 @@ SECMODModuleList *SECMOD_NewModuleListEl
 	newModList->module = NULL;
     }
     return newModList;
 }
 
 static unsigned long internalFlags = SECMOD_RSA_FLAG|SECMOD_DSA_FLAG|
 	SECMOD_RC2_FLAG| SECMOD_RC4_FLAG|SECMOD_DES_FLAG|SECMOD_RANDOM_FLAG|
 	SECMOD_SHA1_FLAG|SECMOD_MD5_FLAG|SECMOD_MD2_FLAG|SECMOD_SSL_FLAG|
-	SECMOD_TLS_FLAG|SECMOD_AES_FLAG;
+	SECMOD_TLS_FLAG|SECMOD_AES_FLAG|SECMOD_DH_FLAG;
 
 /* create a Internal  module */
 SECMODModule *SECMOD_NewInternal(void) {
     SECMODModule *intern;
     static PK11PreSlotInfo internSlotInfo =
 	{ 1, SECMOD_RSA_FLAG|SECMOD_DSA_FLAG|SECMOD_RC2_FLAG|
 	SECMOD_RC4_FLAG|SECMOD_DES_FLAG|SECMOD_RANDOM_FLAG|
 	SECMOD_SHA1_FLAG|SECMOD_MD5_FLAG|SECMOD_MD2_FLAG|
-	SECMOD_SSL_FLAG|SECMOD_TLS_FLAG|SECMOD_AES_FLAG, -1, 30, 0 };
+	SECMOD_SSL_FLAG|SECMOD_TLS_FLAG|SECMOD_AES_FLAG|SECMOD_DH_FLAG,
+	-1, 30, 0 };
 
     intern = SECMOD_NewModule();
     if (intern == NULL) {
 	return NULL;
     }
 
     /*
      * make this module an internal module
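Review bot: `SECMOD_DH_FLAG` had to be added by hand to two copies of the same flag list, `internalFlags` and the `internSlotInfo` initializer in `SECMOD_NewInternal`, and the next mechanism flag can easily land in only one of them. Defining the list once, e.g. `#define SECMOD_INTERNAL_FLAGS (SECMOD_RSA_FLAG|SECMOD_DSA_FLAG| ... |SECMOD_DH_FLAG)`, and using it in both initializers keeps the module's default-mechanism mask and the slot's in agreement. `SECMOD_NewInternal` continues past the end of the hunk.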
@@ -310,19 +311,19 @@ struct secmodSlotDataStr {
     unsigned char defaultFlags[4];
     unsigned char timeout[4];
     unsigned char askpw;
     unsigned char hasRootCerts;
     unsigned char reserved[18]; /* this makes it a round 32 bytes */
 };
 
 #define SECMOD_DB_VERSION_MAJOR 0
-#define SECMOD_DB_VERSION_MINOR 4
+#define SECMOD_DB_VERSION_MINOR 5
 #define SECMOD_DB_NOUI_VERSION_MAJOR 0
-#define SECMOD_DB_NOUI_VERSION_MINOR 3
+#define SECMOD_DB_NOUI_VERSION_MINOR 4
 
 #define SECMOD_PUTSHORT(dest,src) \
 	(dest)[1] = (unsigned char) ((src)&0xff); \
 	(dest)[0] = (unsigned char) (((src) >> 8) & 0xff);
 #define SECMOD_PUTLONG(dest,src) \
 	(dest)[3] = (unsigned char) ((src)&0xff); \
 	(dest)[2] = (unsigned char) (((src) >> 8) & 0xff); \
 	(dest)[1] = (unsigned char) (((src) >> 16) & 0xff); \
--- a/security/nss/lib/pk11wrap/pk11func.h
+++ b/security/nss/lib/pk11wrap/pk11func.h
@@ -450,16 +450,27 @@ SECStatus PK11_GenerateFortezzaIV(PK11Sy
 SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
 void PK11_FreeSlotCerts(PK11SlotInfo *slot);
 void PK11_SetFortezzaHack(PK11SymKey *symKey) ;
 
 
 /**********************************************************************
  *                   PBE functions 
  **********************************************************************/
+
+/* This function creates PBE parameters from the given inputs.  The result
+ * can be used to create a password integrity key for PKCS#12, by sending
+ * the return value to PK11_KeyGen along with the appropriate mechanism.
+ */
+SECItem * 
+PK11_CreatePBEParams(SECItem *salt, SECItem *pwd, unsigned int iterations);
+
+/* free params created above (can be called after keygen is done */
+void PK11_DestroyPBEParams(SECItem *params);
+
 SECAlgorithmID *
 PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt);
 PK11SymKey *
 PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid,  SECItem *pwitem,
 	       PRBool faulty3DES, void *wincx);
 SECItem *
 PK11_GetPBEIV(SECAlgorithmID *algid, SECItem *pwitem);
 
--- a/security/nss/lib/pk11wrap/pk11kea.c
+++ b/security/nss/lib/pk11wrap/pk11kea.c
@@ -94,28 +94,35 @@ pk11_KeyExchange(PK11SlotInfo *slot,CK_M
 	wrapData.data = NULL;
 
 	/* find RSA Public Key on target */
 	pubKeyHandle = pk11_FindRSAPubKey(slot);
 	if (pubKeyHandle != CK_INVALID_KEY) {
 	    privKeyHandle = PK11_MatchItem(slot,pubKeyHandle,CKO_PRIVATE_KEY);
 	}
 
-	/* if no key exits, generate a key pair */
+	/* if no key exists, generate a key pair */
 	if (privKeyHandle == CK_INVALID_KEY) {
-	    unsigned int     keyLength = PK11_GetKeyLength(symKey);
+	    unsigned int     symKeyLength = PK11_GetKeyLength(symKey);
 	    PK11RSAGenParams rsaParams;
 
+	    if (symKeyLength > 60) /* bytes */ {
+		/* we'd have to generate an RSA key pair > 512 bits long,
+		** and that's too costly.  Don't even try. 
+		*/
+		PORT_SetError( SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY );
+		goto rsa_failed;
+	    }
 	    rsaParams.keySizeInBits = 
-		((keyLength == 0) || (keyLength > 16)) ? 512 : 256;
+	        (symKeyLength > 28 || symKeyLength == 0) ? 512 : 256;
 	    rsaParams.pe  = 0x10001;
 	    privKey = PK11_GenerateKeyPair(slot,CKM_RSA_PKCS_KEY_PAIR_GEN, 
-		&rsaParams, &pubKey,PR_FALSE,PR_TRUE,symKey->cx);
+			    &rsaParams, &pubKey,PR_FALSE,PR_TRUE,symKey->cx);
 	} else {
-	    /* if key's exist, build SECKEY data structures for them */
+	    /* if keys exist, build SECKEY data structures for them */
 	    privKey = PK11_MakePrivKey(slot,nullKey, PR_TRUE, privKeyHandle,
 					symKey->cx);
 	    if (privKey != NULL) {
     		pubKey = PK11_ExtractPublicKey(slot, rsaKey, pubKeyHandle);
 		if (pubKey && pubKey->pkcs11Slot) {
 		    PK11_FreeSlot(pubKey->pkcs11Slot);
 		    pubKey->pkcs11Slot = NULL;
 		    pubKey->pkcs11ID = CK_INVALID_KEY;
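Review bot: The new limits of 60 and 28 bytes leave only four bytes of headroom under the 64- and 32-byte moduli selected here. If the wrap further down uses PKCS #1 v1.5 encryption (not visible in this hunk), that padding needs at least 11 bytes, so a 54–60 byte key passes the new check and a 22–28 byte key selects the 256-bit pair, and the failure only appears at the wrap call after a key pair has already been generated. Deriving the bounds from the modulus size, e.g. `if (symKeyLength > 512/8 - 11)` and `(symKeyLength > 256/8 - 11 || symKeyLength == 0) ? 512 : 256`, with the overhead as a named constant, would reject those keys up front. Separately, a 256- or 512-bit RSA pair is far weaker than most symmetric keys it would carry, and the comment should state why that is accepted on this path. `pk11_KeyExchange` starts and ends outside the hunk.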
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -166,17 +166,17 @@ pk11_getKeyFromList(PK11SlotInfo *slot) 
     if (slot->freeSymKeysHead) {
     	symKey = slot->freeSymKeysHead;
 	slot->freeSymKeysHead = symKey->next;
 	slot->keyCount--;
     }
     PK11_USE_THREADS(PZ_Unlock(slot->freeListLock);)
     if (symKey) {
 	symKey->next = NULL;
-	if (!symKey->sessionOwner)
+	if ((symKey->series != slot->series) || (!symKey->sessionOwner))
     	    symKey->session = pk11_GetNewSession(slot,&symKey->sessionOwner);
 	return symKey;
     }
 
     symKey = (PK11SymKey *)PORT_ZAlloc(sizeof(PK11SymKey));
     if (symKey == NULL) {
 	return NULL;
     }
@@ -1202,51 +1202,54 @@ pk11_ForceSlot(PK11SymKey *symKey,CK_MEC
  * length algorithms. NOTE: this means we can never generate a DES2 key
  * from this interface!
  */
 PK11SymKey *
 PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
     int keySize, SECItem *keyid, PRBool isToken, void *wincx)
 {
     PK11SymKey *symKey;
-    CK_ATTRIBUTE genTemplate[4];
+    CK_ATTRIBUTE genTemplate[5];
     CK_ATTRIBUTE *attrs = genTemplate;
     int count = sizeof(genTemplate)/sizeof(genTemplate[0]);
     CK_SESSION_HANDLE session;
     CK_MECHANISM mechanism;
     CK_RV crv;
     PRBool weird = PR_FALSE;   /* hack for fortezza */
     CK_BBOOL ckfalse = CK_FALSE;
     CK_BBOOL cktrue = CK_TRUE;
+    CK_ULONG ck_key_size;       /* only used for variable-length keys */
 
     if ((keySize == -1) && (type == CKM_SKIPJACK_CBC64)) {
 	weird = PR_TRUE;
 	keySize = 0;
     }
 
     /* TNH: Isn't this redundant, since "handleKey" will set defaults? */
     PK11_SETATTRS(attrs, (!weird) 
 	? CKA_ENCRYPT : CKA_DECRYPT, &cktrue, sizeof(CK_BBOOL)); attrs++;
     
     if (keySize != 0) {
-        CK_ULONG key_size = keySize; /* Convert to PK11 type */
-
-        PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size)); 
+        ck_key_size = keySize; /* Convert to PK11 type */
+
+        PK11_SETATTRS(attrs, CKA_VALUE_LEN, &ck_key_size, sizeof(ck_key_size)); 
 							attrs++;
     }
 
     /* Include key id value if provided */
     if (keyid) {
         PK11_SETATTRS(attrs, CKA_ID, keyid->data, keyid->len); attrs++;
     }
 
     if (isToken) {
         PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue));  attrs++;
     }
 
+    PK11_SETATTRS(attrs, CKA_SIGN, &cktrue, sizeof(cktrue));  attrs++;
+
     count = attrs - genTemplate;
     PR_ASSERT(count <= sizeof(genTemplate)/sizeof(CK_ATTRIBUTE));
 
     /* find a slot to generate the key into */
     /* Only do slot management if this is not a token key */
     if (!isToken && (slot == NULL || !PK11_DoesMechanism(slot,type))) {
         PK11SlotInfo *bestSlot;
 
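Review bot: `CKA_SIGN` is now set to true on every key this function generates, whatever `type` is, so keys intended only for encryption also become usable for MAC/signing, and a token that does not accept `CKA_SIGN` for a given key type may reject the template. If the attribute is only needed for the PBE HMAC keys that the PKCS #12 code in this commit generates, consider adding it only for those mechanisms, or at least record the reason: `/* PKCS #12 integrity keys are used in CKA_SIGN contexts */`. The template is now exactly full at five entries and the bound is enforced only by `PR_ASSERT`, which presumably compiles out of release builds, so the next added attribute must bump the array size with it. `PK11_TokenKeyGen` continues past the end of the hunk.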
@@ -4047,16 +4050,59 @@ PK11_DigestFinal(PK11Context *context,un
 }
 
 /****************************************************************************
  *
  * Now Do The PBE Functions Here...
  *
  ****************************************************************************/
 
+static void
+pk11_destroy_ck_pbe_params(CK_PBE_PARAMS *pbe_params)
+{
+    if (pbe_params) {
+	if (pbe_params->pPassword)
+	    PORT_ZFree(pbe_params->pPassword, PR_FALSE);
+	if (pbe_params->pSalt)
+	    PORT_ZFree(pbe_params->pSalt, PR_FALSE);
+	PORT_ZFree(pbe_params, PR_TRUE);
+    }
+}
+
+SECItem * 
+PK11_CreatePBEParams(SECItem *salt, SECItem *pwd, unsigned int iterations)
+{
+    CK_PBE_PARAMS *pbe_params = NULL;
+    SECItem *paramRV = NULL;
+    pbe_params = (CK_PBE_PARAMS *)PORT_ZAlloc(sizeof(CK_PBE_PARAMS));
+    pbe_params->pPassword = (CK_CHAR_PTR)PORT_ZAlloc(pwd->len);
+    if (pbe_params->pPassword != NULL) {
+	PORT_Memcpy(pbe_params->pPassword, pwd->data, pwd->len);
+	pbe_params->ulPasswordLen = pwd->len;
+    } else goto loser;
+    pbe_params->pSalt = (CK_CHAR_PTR)PORT_ZAlloc(salt->len);
+    if (pbe_params->pSalt != NULL) {
+	PORT_Memcpy(pbe_params->pSalt, salt->data, salt->len);
+	pbe_params->ulSaltLen = salt->len;
+    } else goto loser;
+    pbe_params->ulIteration = (CK_ULONG)iterations;
+    paramRV = SECITEM_AllocItem(NULL, NULL, sizeof(CK_PBE_PARAMS));
+    paramRV->data = (unsigned char *)pbe_params;
+    return paramRV;
+loser:
+    pk11_destroy_ck_pbe_params(pbe_params);
+    return NULL;
+}
+
+void
+PK11_DestroyPBEParams(SECItem *params)
+{
+    pk11_destroy_ck_pbe_params((CK_PBE_PARAMS *)params->data);
+}
+
 SECAlgorithmID *
 PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt)
 {
     SECAlgorithmID *algid;
 
     algid = SEC_PKCS5CreateAlgorithmID(algorithm, salt, iteration);
     return algid;
 }
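Review bot: `pk11_destroy_ck_pbe_params` passes `PR_FALSE`/`PR_TRUE` as the second argument of `PORT_ZFree`, which is a byte count rather than a flag, so the password copy is freed without being cleared and only one byte of the struct is zeroed. `PK11_CreatePBEParams` also dereferences `pbe_params`, `salt`, `pwd` and the result of `SECITEM_AllocItem` without a NULL check, and it overwrites the `data` buffer that `SECITEM_AllocItem` just allocated, leaking it. `PK11_DestroyPBEParams` dereferences `params` unchecked and never frees the `SECItem` itself, so every caller in this commit leaks one item per call. The fence below passes the real lengths to `PORT_ZFree`, adds the checks, and releases the item.

```c
static void
pk11_destroy_ck_pbe_params(CK_PBE_PARAMS *pbe_params)
{
    if (pbe_params) {
        /* PORT_ZFree's second argument is the number of bytes to clear */
        if (pbe_params->pPassword)
            PORT_ZFree(pbe_params->pPassword, pbe_params->ulPasswordLen);
        if (pbe_params->pSalt)
            PORT_ZFree(pbe_params->pSalt, pbe_params->ulSaltLen);
        PORT_ZFree(pbe_params, sizeof(CK_PBE_PARAMS));
    }
}

SECItem *
PK11_CreatePBEParams(SECItem *salt, SECItem *pwd, unsigned int iterations)
{
    CK_PBE_PARAMS *pbe_params;
    SECItem *paramRV;

    if (!salt || !pwd) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }
    pbe_params = (CK_PBE_PARAMS *)PORT_ZAlloc(sizeof(CK_PBE_PARAMS));
    if (!pbe_params)
        return NULL;
    /* ... unchanged: password and salt copies, ulIteration ... */
    paramRV = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
    if (!paramRV)
        goto loser;
    paramRV->data = (unsigned char *)pbe_params;
    paramRV->len = sizeof(CK_PBE_PARAMS);
    return paramRV;
loser:
    pk11_destroy_ck_pbe_params(pbe_params);
    return NULL;
}

void
PK11_DestroyPBEParams(SECItem *params)
{
    if (params) {
        pk11_destroy_ck_pbe_params((CK_PBE_PARAMS *)params->data);
        PORT_Free(params);
    }
}
```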
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -2824,16 +2824,19 @@ PK11_GetKeyGen(CK_MECHANISM_TYPE type)
     case CKM_MD2_HMAC:
     case CKM_MD2_HMAC_GENERAL:
     case CKM_MD5_HMAC:
     case CKM_MD5_HMAC_GENERAL:
     case CKM_TLS_PRF_GENERAL:
 	return CKM_GENERIC_SECRET_KEY_GEN;
     case CKM_PBE_MD2_DES_CBC:
     case CKM_PBE_MD5_DES_CBC:
+    case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
+    case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
+    case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
     case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
     case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
     case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
     case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
     case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
     case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
     case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
     case CKM_PBE_SHA1_RC2_40_CBC:
--- a/security/nss/lib/pk11wrap/pk11util.c
+++ b/security/nss/lib/pk11wrap/pk11util.c
@@ -71,17 +71,17 @@ static PRBool secmod_ModuleHasRoots(SECM
 /*
  * The following code is an attempt to automagically find the external root
  * module. NOTE: This code should be checked out on the MAC! There must be
  * some cross platform support out there to help out with this?
  * Note: Keep the #if-defined chunks in order. HPUX must select before UNIX.
  */
 
 static char *dllnames[]= {
-#if defined(XP_WIN32)
+#if defined(XP_WIN32) || defined(XP_OS2)
 	"nssckbi.dll",
 	"roots.dll", 
 	"netckbi.dll",
 	"mozckbi.dll",
 #elif defined(HPUX)
 	"libnssckbi.sl",
 	"libroots.sl",
 	"libnetckbi.sl",
@@ -227,16 +227,22 @@ SECMOD_GetInternalModule(void) {
 /* called from  security/cmd/swfort/instinit, which doesn't need a full 
  * security LIBRARY (it used the swfortezza code, but it does have to verify
  * cert chains against it's own list of certs. We need to initialize the 
  * security code without any database.
  */
 void
 SECMOD_SetInternalModule( SECMODModule *mod) {
    internalModule = SECMOD_ReferenceModule(mod);
+   modules = SECMOD_NewModuleListElement();
+   modules->module = SECMOD_ReferenceModule(mod);
+   modules->next = NULL;
+   if (!moduleLock) {
+       moduleLock = SECMOD_NewListLock();
+   }
 }
 
 /*
  * get the list of PKCS11 modules that are available.
  */
 SECMODModuleList *SECMOD_GetDefaultModuleList() { return modules; }
 SECMODListLock *SECMOD_GetDefaultModuleListLock() { return moduleLock; }
 
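Review bot: `SECMOD_SetInternalModule` dereferences the result of `SECMOD_NewModuleListElement()` without a NULL check, so an allocation failure crashes on `modules->module`. It also replaces the global `modules` without releasing any list already there and without holding `moduleLock`, and the result of `SECMOD_NewListLock()` is not checked either. At minimum add `if (modules == NULL) return;` right after the allocation; because the function returns void, a comment should say that callers cannot detect the failure.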
--- a/security/nss/lib/pkcs12/p12d.c
+++ b/security/nss/lib/pkcs12/p12d.c
@@ -1147,57 +1147,59 @@ loser:
 /* verify the hmac by reading the data from the temporary file
  * using the routines specified when the decodingContext was 
  * created and return SECSuccess if the hmac matches.
  */
 static SECStatus
 sec_pkcs12_decoder_verify_mac(SEC_PKCS12DecoderContext *p12dcx)
 {
     SECStatus rv = SECFailure;
-    PBEBitGenContext *pbeCtxt = NULL;
-    SECItem *hmacKey = NULL, hmacRes;
+    SECItem hmacRes;
     unsigned char buf[IN_BUF_LEN];
     unsigned int bufLen;
     int iteration;
     PK11Context *pk11cx;
+    SECItem ignore = {0};
+    PK11SymKey *symKey;
+    SECItem *params;
     SECOidTag algtag;
-    SECItem ignore = {0};
+    CK_MECHANISM_TYPE integrityMech;
     
     if(!p12dcx || p12dcx->error) {
 	return SECFailure;
     }
 
     /* generate hmac key */
     if(p12dcx->macData.iter.data) {
 	iteration = (int)DER_GetInteger(&p12dcx->macData.iter);
     } else {
 	iteration = 1;
     }
-    pbeCtxt = PBE_CreateContext(SECOID_GetAlgorithmTag(
-				&p12dcx->macData.safeMac.digestAlgorithm),
-				pbeBitGenIntegrityKey, p12dcx->pwitem,
-				&p12dcx->macData.macSalt, 160, iteration);
-    if(!pbeCtxt) {
-	return SECFailure;
+
+    params = PK11_CreatePBEParams(&p12dcx->macData.macSalt, p12dcx->pwitem,
+                                  iteration);
+
+    algtag = SECOID_GetAlgorithmTag(&p12dcx->macData.safeMac.digestAlgorithm);
+    switch (algtag) {
+    case SEC_OID_SHA1:
+	integrityMech = CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN; break;
+    case SEC_OID_MD5:
+	integrityMech = CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN;  break;
+    case SEC_OID_MD2:
+	integrityMech = CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN;  break;
+    default:
+	goto loser;
     }
-    hmacKey = PBE_GenerateBits(pbeCtxt);
-    PBE_DestroyContext(pbeCtxt);
-    pbeCtxt = NULL;
-    if(!hmacKey) {
-	return SECFailure;
-    }
-
+
+    symKey = PK11_KeyGen(NULL, integrityMech, params, 20, NULL);
+    PK11_DestroyPBEParams(params);
+    if (!symKey) goto loser;
     /* init hmac */
-    algtag = SECOID_GetAlgorithmTag(&p12dcx->macData.safeMac.digestAlgorithm);
-    pk11cx = PK11_CreateContextByRawKey(NULL, 
-                                        sec_pkcs12_algtag_to_mech(algtag),
-                                        PK11_OriginDerive, CKA_SIGN, 
-                                        hmacKey, &ignore, NULL);
-    SECITEM_ZfreeItem(hmacKey, PR_TRUE);
-    hmacKey = NULL;
+    pk11cx = PK11_CreateContextBySymKey(sec_pkcs12_algtag_to_mech(algtag),
+                                        CKA_SIGN, symKey, &ignore);
     if(!pk11cx) {
 	PORT_SetError(SEC_ERROR_NO_MEMORY);
 	return SECFailure;
     }
     rv = PK11_DigestBegin(pk11cx);
 
     /* try to open the data for readback */
     if(p12dcx->dOpen && ((*p12dcx->dOpen)(p12dcx->dArg, PR_TRUE) 
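Review bot: Both new `goto loser` exits (the `default:` case and `if (!symKey)`) are taken while `pk11cx` is still uninitialized, and the `loser:` block visible in the next hunk passes it to `PK11_DestroyContext` when it is non-zero; declare it as `PK11Context *pk11cx = NULL;`. The `default:` exit also skips `PK11_DestroyPBEParams(params)`, leaving the password copy allocated, and `params` is used without checking that `PK11_CreatePBEParams` succeeded. `symKey` is never released in the visible lines; `PK11SymKey *symKey = NULL;` together with `if (symKey) PK11_FreeSymKey(symKey);` at `loser:` would cover that, unless it is freed in the part of the function that lies between the two hunks. The encoder hunk in p12e.c has the same unchecked `params`, the same `default:` leak and the same unreleased `symKey`.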
@@ -1242,20 +1244,16 @@ loser:
     if(p12dcx->dClose) {
 	(*p12dcx->dClose)(p12dcx->dArg, PR_TRUE);
     }
 
     if(pk11cx) {
 	PK11_DestroyContext(pk11cx, PR_TRUE);
     }
 
-    if(hmacKey) {
-	SECITEM_ZfreeItem(hmacKey, PR_TRUE);
-    }
-
     return rv;
 }
 
 /* SEC_PKCS12DecoderVerify
  * 	Verify the macData or the signature of the decoded PKCS 12 PDU.
  *	If the signature or the macData do not match, SECFailure is
  *	returned.
  *
@@ -2139,18 +2137,16 @@ sec_pkcs12_validate_cert(sec_PKCS12SafeB
     if(!testCert && PK11_IsInternal(cert->slot)) {
 	testCert = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(),
 				 &cert->safeBagContent.certBag->value.x509Cert);
     }
 
     if(testCert) {
 	if(!testCert->nickname) {
 	    cert->removeExisting = PR_TRUE;
-	} else {
-	    cert->noInstall = PR_TRUE;
 	}
 	CERT_DestroyCertificate(testCert);
 	if(cert->noInstall && !cert->removeExisting) {
 	    return;
 	}
     }
 
     sec_pkcs12_validate_cert_nickname(cert, key, nicknameCb, wincx);
--- a/security/nss/lib/pkcs12/p12e.c
+++ b/security/nss/lib/pkcs12/p12e.c
@@ -1655,59 +1655,67 @@ sec_pkcs12_encoder_start_context(SEC_PKC
 	}
 	rv = SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo);
 	PORT_Assert(rv == SECSuccess);
     } else {
 	p12enc->aSafeCinfo = SEC_PKCS7CreateData();
 
 	/* init password pased integrity mode */
 	if(p12exp->integrityEnabled) {
-	    SECItem  pwd = {siBuffer,NULL, 0}, *key;
+	    SECItem  pwd = {siBuffer,NULL, 0};
 	    SECItem *salt = sec_pkcs12_generate_salt();
-	    PBEBitGenContext *pbeCtxt = NULL;
+	    PK11SymKey *symKey;
+	    SECItem *params;
+	    CK_MECHANISM_TYPE integrityMech;
 
 	    /* zero out macData and set values */
 	    PORT_Memset(&p12enc->mac, 0, sizeof(sec_PKCS12MacData));
 
 	    if(!salt) {
 		PORT_SetError(SEC_ERROR_NO_MEMORY);
 		goto loser;
 	    }
 	    if(SECITEM_CopyItem(p12exp->arena, &(p12enc->mac.macSalt), salt) 
 			!= SECSuccess) {
 		PORT_SetError(SEC_ERROR_NO_MEMORY);
 		goto loser;
 	    }   
-	    SECITEM_ZfreeItem(salt, PR_TRUE);
 
 	    /* generate HMAC key */
 	    if(!sec_pkcs12_convert_item_to_unicode(NULL, &pwd, 
 			p12exp->integrityInfo.pwdInfo.password, PR_TRUE, 
 			PR_TRUE, PR_TRUE)) {
 		goto loser;
 	    }
-	    pbeCtxt = PBE_CreateContext(p12exp->integrityInfo.pwdInfo.algorithm,
-					pbeBitGenIntegrityKey, &pwd, 
-					&(p12enc->mac.macSalt), 160, 1);
+
+	    params = PK11_CreatePBEParams(salt, &pwd, 1);
+	    SECITEM_ZfreeItem(salt, PR_TRUE);
 	    SECITEM_ZfreeItem(&pwd, PR_FALSE);
-	    if(!pbeCtxt) {
+
+	    switch (p12exp->integrityInfo.pwdInfo.algorithm) {
+	    case SEC_OID_SHA1:
+		integrityMech = CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN; break;
+	    case SEC_OID_MD5:
+		integrityMech = CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN;  break;
+	    case SEC_OID_MD2:
+		integrityMech = CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN;  break;
+	    default:
 		goto loser;
 	    }
-	    key = PBE_GenerateBits(pbeCtxt);
-	    PBE_DestroyContext(pbeCtxt);
-	    if(!key) {
+
+	    symKey = PK11_KeyGen(NULL, integrityMech, params, 20, NULL);
+	    PK11_DestroyPBEParams(params);
+	    if(!symKey) {
 		goto loser;
 	    }
 
 	    /* initialize hmac */
-	    p12enc->hmacCx = PK11_CreateContextByRawKey(NULL, 
+	    p12enc->hmacCx = PK11_CreateContextBySymKey(
 	     sec_pkcs12_algtag_to_mech(p12exp->integrityInfo.pwdInfo.algorithm),
-                                                   PK11_OriginDerive, CKA_SIGN, 
-                                                   key, &ignore, NULL);
-	    SECITEM_ZfreeItem(key, PR_TRUE);
+	                                           CKA_SIGN, symKey, &ignore);
 	    if(!p12enc->hmacCx) {
 		PORT_SetError(SEC_ERROR_NO_MEMORY);
 		goto loser;
 	    }
 	    rv = PK11_DigestBegin(p12enc->hmacCx);
 	    if (rv != SECSuccess)
 		goto loser;
 	}
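Review bot: Moving `SECITEM_ZfreeItem(salt, PR_TRUE)` below the Unicode conversion means the `goto loser` taken when `sec_pkcs12_convert_item_to_unicode` fails now leaks `salt`, which is local to this block and so cannot be freed at `loser:`. Keeping the free where it was and passing the arena copy instead, `params = PK11_CreatePBEParams(&(p12enc->mac.macSalt), &pwd, 1);`, avoids that. The same call derives the MAC key with an iteration count of 1, which gives almost no resistance to password guessing against an exported file; raising it would also require writing the count into the MAC data, which is outside this hunk. The enclosing function starts and ends outside the hunk.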
--- a/security/nss/lib/smime/cmsrecinfo.c
+++ b/security/nss/lib/smime/cmsrecinfo.c
@@ -356,17 +356,18 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCM
 	CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag)
 {
     PK11SymKey *bulkkey = NULL;
     SECAlgorithmID *encalg;
     SECOidTag encalgtag;
     SECItem *enckey;
     int error;
 
-    ri->cert = cert;	/* mark the recipientInfo so we can find it later */
+    ri->cert = CERT_DupCertificate(cert);
+        	/* mark the recipientInfo so we can find it later */
 
     switch (ri->recipientInfoType) {
     case NSSCMSRecipientInfoID_KeyTrans:
 	encalg = &(ri->ri.keyTransRecipientInfo.keyEncAlg);
 	encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg));
 	enckey = &(ri->ri.keyTransRecipientInfo.encKey); /* ignore subIndex */
 	switch (encalgtag) {
 	case SEC_OID_PKCS1_RSA_ENCRYPTION:
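Review bot: `ri->cert` now holds its own reference from `CERT_DupCertificate`, but nothing in this hunk releases it, so unless the recipientInfo's destroy path (not shown) calls `CERT_DestroyCertificate(ri->cert)` the certificate leaks. A second unwrap on the same `ri` would also overwrite the earlier reference; `if (ri->cert) CERT_DestroyCertificate(ri->cert);` before the assignment handles that. The comment has drifted onto its own line below the statement and reads better above it. The function body continues outside the hunk.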
--- a/security/nss/lib/smime/cmssigdata.c
+++ b/security/nss/lib/smime/cmssigdata.c
@@ -732,28 +732,41 @@ NSS_CMSSignedData_SetDigests(NSSCMSSigne
 SECStatus
 NSS_CMSSignedData_SetDigestValue(NSSCMSSignedData *sigd,
 				SECOidTag digestalgtag,
 				SECItem *digestdata)
 {
     SECItem *digest = NULL;
     PLArenaPool *poolp;
     void *mark;
-    int n;
+    int n, cnt;
 
     poolp = sigd->cmsg->poolp;
 
     mark = PORT_ArenaMark(poolp);
 
+   
     if (digestdata) {
+        digest = (SECItem *) PORT_ArenaZAlloc(poolp,sizeof(SECItem));
+
 	/* copy digestdata item to arena (in case we have it and are not only making room) */
 	if (SECITEM_CopyItem(poolp, digest, digestdata) != SECSuccess)
 	    goto loser;
     }
 
+    /* now allocate one (same size as digestAlgorithms) */
+    if (sigd->digests == NULL) {
+        cnt = NSS_CMSArray_Count((void **)sigd->digestAlgorithms);
+        sigd->digests = PORT_ArenaZAlloc(sigd->cmsg->poolp, (cnt + 1) * sizeof(SECItem *));
+        if (sigd->digests == NULL) {
+	        PORT_SetError(SEC_ERROR_NO_MEMORY);
+	        return SECFailure;
+        }
+    }
+
     n = -1;
     if (sigd->digestAlgorithms != NULL)
 	n = NSS_CMSAlgArray_GetIndexByAlgTag(sigd->digestAlgorithms, digestalgtag);
 
     /* if not found, add a digest */
     if (n < 0) {
 	if (NSS_CMSSignedData_AddDigest(poolp, sigd, digestalgtag, digest) != SECSuccess)
 	    goto loser;
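Review bot: The new `PORT_ArenaZAlloc` result in `digest` is passed straight to `SECITEM_CopyItem` without a NULL check; add `if (digest == NULL) goto loser;` before the copy. The added `return SECFailure;` in the `sigd->digests` allocation path leaves the function after `PORT_ArenaMark(poolp)` without going through `loser`, unlike every other failure here, so it should be `goto loser;` (assuming `loser:`, which is outside the hunk, releases the mark). That block also uses `sigd->cmsg->poolp` where the local `poolp` is already available, and it calls `NSS_CMSArray_Count` on `sigd->digestAlgorithms` before the NULL test a few lines below. The function ends outside the hunk.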
--- a/security/nss/lib/smime/cmsutil.c
+++ b/security/nss/lib/smime/cmsutil.c
@@ -375,17 +375,17 @@ NSS_CMSDEREncode(NSSCMSMessage *cmsg, SE
 	return SECFailure;
     }
     ecx = NSS_CMSEncoder_Start(cmsg, 0, 0, derOut, arena, 0, 0, 0, 0, 0, 0);
     if (!ecx) {
 	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 	return SECFailure;
     }
     if (input) {
-	rv = NSS_CMSEncoder_Update(ecx, input->data, input->len);
+	rv = NSS_CMSEncoder_Update(ecx, (const char*)input->data, input->len);
 	if (rv) {
 	    PORT_SetError(SEC_ERROR_BAD_DATA);
 	}
     }
     rv |= NSS_CMSEncoder_Finish(ecx);
     if (rv) {
 	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
     }
--- a/security/nss/lib/softoken/keydb.c
+++ b/security/nss/lib/softoken/keydb.c
@@ -582,16 +582,19 @@ SECKEY_OpenKeyDB(PRBool readOnly, SECKEY
     } else {
 	openflags = O_RDWR;
     }
 
     dbname = (*namecb)(cbarg, PRIVATE_KEY_DB_FILE_VERSION);
     if ( dbname == NULL ) {
 	goto loser;
     }
+
+    handle->dbname = PORT_Strdup(dbname);
+    handle->readOnly = readOnly;
     
     handle->db = dbopen( dbname, openflags, 0600, DB_HASH, 0 );
 
     /* check for correct version number */
     if (handle->db != NULL) {
 	/* lookup version string in database */
 	ret = (* handle->db->get)( handle->db, &versionKey, &versionData, 0 );
 
@@ -715,16 +718,17 @@ SECKEY_CloseKeyDB(SECKEYKeyDBHandle *han
 {
     if (handle != NULL) {
 	if (handle == SECKEY_GetDefaultKeyDB()) {
 	    SECKEY_SetDefaultKeyDB(NULL);
 	}
 	if (handle->db != NULL) {
 	    (* handle->db->close)(handle->db);
 	}
+	if (handle->dbname) PORT_Free(handle->dbname);
 	PORT_Free(handle);
     }
 }
 
 /* Get the key database version */
 int
 SECKEY_GetKeyDBVersion(SECKEYKeyDBHandle *handle)
 {
@@ -2411,46 +2415,51 @@ done:
     
     if ( dbkey ) {
 	sec_destroy_dbkey(dbkey);
     }
 
     return(SECSuccess);
 }
 
+#define MAX_DB_SIZE 0xffff 
 /*
  * Clear out all the keys in the existing database
  */
 SECStatus
 SECKEY_ResetKeyDB(SECKEYKeyDBHandle *handle)
 {
     SECStatus rv;
     DBT key;
     DBT data;
     int ret;
     int errors = 0;
 
     if ( handle->db == NULL ) {
 	return(SECSuccess);
     }
 
-    
-    /* now traverse the database */
-    ret = (* handle->db->seq)(handle->db, &key, &data, R_FIRST);
-    if ( ret ) {
-	goto done;
+    if (handle->readOnly) {
+	/* set an error code */
+	return SECFailure;
+     }
+
+    PORT_Assert(handle->dbname != NULL);
+    if (handle->dbname == NULL) {
+	return SECFailure;
+    }
+
+    (* handle->db->close)(handle->db);
+    handle->db = dbopen( handle->dbname,
+			     O_RDWR | O_CREAT | O_TRUNC, 0600, DB_HASH, 0 );
+    if (handle->db == NULL) {
+	/* set an error code */
+	return SECFailure;
     }
     
-    do {
-        /* delete each entry */
-	ret = (* handle->db->del)(handle->db, &key, 0);
-	if ( ret ) errors++;
-
-    } while ( (* handle->db->seq)(handle->db, &key, &data,
-					R_NEXT) == 0 );
     rv = makeGlobalVersion(handle);
     if ( rv != SECSuccess ) {
 	errors++;
 	goto done;
     }
 
     rv = makeGlobalSalt(handle);
     if ( rv != SECSuccess ) {
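Review bot: Both new failure returns in SECKEY_ResetKeyDB carry only a `/* set an error code */` placeholder, so the caller gets SECFailure with whatever error happened to be set last. Something like `PORT_SetError(SEC_ERROR_READ_ONLY);` for the read-only case and `PORT_SetError(SEC_ERROR_BAD_DATABASE);` when `dbopen` fails would make the failure diagnosable. The reset now truncates the file with `O_TRUNC` before the version and salt records are rewritten, so a failure in `makeGlobalVersion` or `makeGlobalSalt` leaves an empty key database on disk; that belongs in the function comment. `MAX_DB_SIZE` is not used in the visible lines, and `key` and `data` appear unused now that the traversal loop is gone. The function continues past the end of the hunk.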
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -401,16 +401,19 @@ static struct mechanismList mechanisms[]
      {CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4,	     {40,40, CKF_GENERATE}, PR_TRUE},
      {CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4,     {128,128, CKF_GENERATE}, PR_TRUE},
      {CKM_PBE_SHA1_DES3_EDE_CBC,	     {24,24, CKF_GENERATE}, PR_TRUE},
      {CKM_PBE_SHA1_DES2_EDE_CBC,	     {24,24, CKF_GENERATE}, PR_TRUE},
      {CKM_PBE_SHA1_RC2_40_CBC,		     {40,40, CKF_GENERATE}, PR_TRUE},
      {CKM_PBE_SHA1_RC2_128_CBC,		     {128,128, CKF_GENERATE}, PR_TRUE},
      {CKM_PBE_SHA1_RC4_40,		     {40,40, CKF_GENERATE}, PR_TRUE},
      {CKM_PBE_SHA1_RC4_128,		     {128,128, CKF_GENERATE}, PR_TRUE},
+     {CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN,    {1,32, CKF_GENERATE}, PR_TRUE},
+     {CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN,     {1,32, CKF_GENERATE}, PR_TRUE},
+     {CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN,     {1,32, CKF_GENERATE}, PR_TRUE},
 };
 static CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0]);
 /* load up our token database */
 static CK_RV pk11_importKeyDB(PK11Slot *slot);
 
 
 static char *
 pk11_setStringName(char *inString, char *buffer, int buffer_length) {
@@ -646,31 +649,30 @@ pk11_handleCertObject(PK11Session *sessi
 	if(attribute) {
 	    certUsage = (SECCertUsage*)attribute->attrib.pValue;
 	    pk11_FreeAttribute(attribute);
 	}
 
 	/* Temporary for PKCS 12 */
 	if(cert->nickname == NULL) {
 	    /* use the arena so we at least don't leak memory  */
-	    cert->nickname = (char *)PORT_ArenaAlloc(cert->arena,
-							PORT_Strlen(label)+1);
-	    if(cert->nickname == NULL) {
-		return CKR_HOST_MEMORY;
-	    }
-	    PORT_Memcpy(cert->nickname, label, PORT_Strlen(label));
+	    cert->nickname = PORT_ArenaStrdup(cert->arena, label);
 	}
 
 	/* only add certs that have a private key */
 	if (SECKEY_KeyForCertExists(SECKEY_GetDefaultKeyDB(),cert) 
 							!= SECSuccess) {
 	    return CKR_ATTRIBUTE_VALUE_INVALID;
 	}
-	if (CERT_AddTempCertToPerm(cert, label, &trust) != SECSuccess) {
-	    return CKR_HOST_MEMORY;
+	if (!cert->isperm) {
+	    if (CERT_AddTempCertToPerm(cert, label, &trust) != SECSuccess) {
+		return CKR_HOST_MEMORY;
+	    }
+	} else {
+	    CERT_ChangeCertTrust(cert->dbhandle,cert,&trust);
 	}
 	if(certUsage) {
 	    if(CERT_ChangeCertTrustByUsage(CERT_GetDefaultCertDB(),
 				cert, *certUsage) != SECSuccess) {
 		return CKR_HOST_MEMORY;
 	    }
 	}
 	object->handle |= (PK11_TOKEN_MAGIC | PK11_TOKEN_TYPE_CERT);
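Review bot: The return value of `CERT_ChangeCertTrust` in the new `else` branch is ignored, so a failed trust update on an already-permanent certificate is reported to the caller as success. `if (CERT_ChangeCertTrust(cert->dbhandle, cert, &trust) != SECSuccess) return CKR_HOST_MEMORY;` would match the handling of `CERT_AddTempCertToPerm` beside it. The switch to `PORT_ArenaStrdup` also drops the allocation check the removed lines had; `if (cert->nickname == NULL) return CKR_HOST_MEMORY;` should follow it. The enclosing function starts and ends outside the hunk.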
@@ -2103,16 +2105,28 @@ pk11_GetPrivKey(PK11Object *object,CK_KE
 	/* KEYID is the public KEY for DSA and DH, and the MODULUS for
 	 *  RSA */
 	crv=pk11_Attribute2SecItem(NULL,&pubKey,object,CKA_NETSCAPE_DB);
 	if (crv != CKR_OK) return NULL;
 	
 	priv=SECKEY_FindKeyByPublicKey(SECKEY_GetDefaultKeyDB(),&pubKey,
 				       (SECKEYGetPasswordKey) pk11_givePass,
 				       object->slot);
+	if (!priv && pubKey.data[0] == 0) {
+	    /* Because of legacy code issues, sometimes the public key has
+	     * a '0' prepended to it, forcing it to be unsigned.  The database
+	     * may not store that '0', so remove it and try again.
+	     */
+	    SECItem tmpPubKey;
+	    tmpPubKey.data = pubKey.data + 1;
+	    tmpPubKey.len = pubKey.len - 1;
+	    priv=SECKEY_FindKeyByPublicKey(SECKEY_GetDefaultKeyDB(),&tmpPubKey,
+				           (SECKEYGetPasswordKey) pk11_givePass,
+				           object->slot);
+	}
 	if (pubKey.data) PORT_Free(pubKey.data);
 
 	/* don't 'cache' DB private keys */
 	return priv;
     } 
 
     priv = pk11_mkPrivKey(object, key_type);
     object->objectInfo = priv;
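Review bot: The retry condition reads `pubKey.data[0]` without checking that `pubKey.data` is non-NULL and that the item holds more than one byte, although the `if (pubKey.data)` test just below shows the pointer is not assumed valid. With a zero-length item, `pubKey.len - 1` also wraps to a very large unsigned length that is then handed to the database lookup. Guard it as `if (!priv && pubKey.data && pubKey.len > 1 && pubKey.data[0] == 0) {`. The same unguarded pattern appears in the pk11_DestroyObject hunk in pkcs11u.c (`rv != SECSuccess && pubKey.data[0] == 0`), where the visible lines also never free `pubKey.data`. pk11_GetPrivKey starts and ends outside this hunk.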
@@ -2684,16 +2698,17 @@ CK_RV NSC_InitToken(CK_SLOT_ID slotID,CK
 		slot->tokObjects[i] = object->next;
 
 		if (object->next) object->next->prev = NULL;
 		object->next = object->prev = NULL;
 	    }
 	    if (object) pk11_FreeObject(object);
 	} while (object != NULL);
     }
+    slot->DB_loaded = PR_FALSE;
     PK11_USE_THREADS(PZ_Unlock(slot->objectLock);)
 
     /* then clear out the key database */
     handle = SECKEY_GetDefaultKeyDB();
     if (handle == NULL) {
 	return CKR_TOKEN_WRITE_PROTECTED;
     }
 
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -1994,42 +1994,44 @@ pk11_HashSign(PK11HashSignInfo *info,uns
     SGN_DestroyDigestInfo(di);
     if (arena != NULL) {
 	PORT_FreeArena(arena, PR_FALSE);
     }
     return rv;
 }
 
 static SECStatus
-nsc_DSA_Verify_Stub(void *ctx, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen,
-			    CK_BYTE_PTR pData, CK_ULONG ulDataLen)
+nsc_DSA_Verify_Stub(void *ctx, void *sigBuf, unsigned int sigLen,
+                               void *dataBuf, unsigned int dataLen)
 {
     SECItem signature, digest;
-
-    signature.data = pSignature;
-    signature.len = ulSignatureLen;
-    digest.data = pData;
-    digest.len = ulDataLen;
-    return DSA_VerifyDigest((DSAPublicKey *)ctx, &signature, &digest);
+    SECKEYLowPublicKey *key = (SECKEYLowPublicKey *)ctx;
+
+    signature.data = (unsigned char *)sigBuf;
+    signature.len = sigLen;
+    digest.data = (unsigned char *)dataBuf;
+    digest.len = dataLen;
+    return DSA_VerifyDigest(&(key->u.dsa), &signature, &digest);
 }
 
 static SECStatus
-nsc_DSA_Sign_Stub(void *ctx, CK_BYTE_PTR pSignature,
-			    CK_ULONG_PTR ulSignatureLen, CK_ULONG maxulSignatureLen,
-			    CK_BYTE_PTR pData, CK_ULONG ulDataLen)
+nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
+                  unsigned int *sigLen, unsigned int maxSigLen,
+                  void *dataBuf, unsigned int dataLen)
 {
     SECItem signature = { 0 }, digest;
     SECStatus rv;
-
-    (void)SECITEM_AllocItem(NULL, &signature, maxulSignatureLen);
-    digest.data = pData;
-    digest.len = ulDataLen;
-    rv = DSA_SignDigest((DSAPrivateKey *)ctx, &signature, &digest);
-    *ulSignatureLen = signature.len;
-    PORT_Memcpy(pSignature, signature.data, signature.len);
+    SECKEYLowPrivateKey *key = (SECKEYLowPrivateKey *)ctx;
+
+    (void)SECITEM_AllocItem(NULL, &signature, maxSigLen);
+    digest.data = (unsigned char *)dataBuf;
+    digest.len = dataLen;
+    rv = DSA_SignDigest(&(key->u.dsa), &signature, &digest);
+    *sigLen = signature.len;
+    PORT_Memcpy(sigBuf, signature.data, signature.len);
     SECITEM_FreeItem(&signature, PR_FALSE);
     return rv;
 }
 
 /* NSC_SignInit setups up the signing operations. There are three basic
  * types of signing:
  *	(1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied
  *  to data in a single Sign operation (which often looks a lot like an
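Review bot: In nsc_DSA_Sign_Stub the result of `SECITEM_AllocItem` is still discarded, and the copy into `sigBuf` runs whether or not `DSA_SignDigest` succeeded. An allocation failure or a failed signature therefore reaches `PORT_Memcpy` with a NULL or unfilled `signature.data`. The stub should return SECFailure when the allocation fails, and write `*sigLen` and `sigBuf` only on success after checking `signature.len` against `maxSigLen`. Both stubs now cast `ctx` to the whole low-level key, which depends on every caller storing the key itself in `cipherInfo`; a one-line comment on each stub stating that would help.

```c
    /* … unchanged: declarations and the ctx cast … */
    if (SECITEM_AllocItem(NULL, &signature, maxSigLen) == NULL) {
	return SECFailure;
    }
    /* … unchanged: digest setup … */
    rv = DSA_SignDigest(&(key->u.dsa), &signature, &digest);
    if (rv == SECSuccess && signature.len <= maxSigLen) {
	*sigLen = signature.len;
	PORT_Memcpy(sigBuf, signature.data, signature.len);
    } else {
	rv = SECFailure;
    }
    /* … unchanged: free signature, return rv … */
```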
@@ -2166,21 +2168,21 @@ finish_rsa:
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
 	privKey = pk11_GetPrivKey(key,CKK_DSA);
 	if (privKey == NULL) {
 	    crv = CKR_HOST_MEMORY;
 	    break;
 	}
-	context->cipherInfo = &(privKey->u.dsa);
+	context->cipherInfo = privKey;
 	context->update     = (PK11Cipher) nsc_DSA_Sign_Stub;
-	context->destroy    = pk11_Null;
-
-        if (key->objectInfo != privKey) SECKEY_LowDestroyPrivateKey(privKey);
+	context->destroy    = (privKey == key->objectInfo) ?
+		(PK11Destroy) pk11_Null:(PK11Destroy)pk11_FreePrivKey;
+
 	break;
     case CKM_MD2_HMAC_GENERAL:
 	crv = pk11_doHMACInit(context,SEC_OID_MD2,key,
 				*(CK_ULONG *)pMechanism->pParameter);
 	break;
     case CKM_MD2_HMAC:
 	crv = pk11_doHMACInit(context,SEC_OID_MD2,key,MD2_LENGTH);
 	break;
@@ -2572,17 +2574,17 @@ finish_rsa:
 	    break;
 	}
 	context->multi = PR_FALSE;
 	pubKey = pk11_GetPubKey(key,CKK_DSA);
 	if (pubKey == NULL) {
 	    crv = CKR_HOST_MEMORY;
 	    break;
 	}
-	context->cipherInfo = &(pubKey->u.dsa);
+	context->cipherInfo = pubKey;
 	context->verify     = (PK11Verify) nsc_DSA_Verify_Stub;
 	context->destroy    = pk11_Null;
 	break;
 
     case CKM_MD2_HMAC_GENERAL:
 	crv = pk11_doHMACInit(context,SEC_OID_MD2,key,
 				*(CK_ULONG *)pMechanism->pParameter);
 	break;
@@ -2825,16 +2827,50 @@ CK_RV NSC_GenerateRandom(CK_SESSION_HAND
     rv = RNG_GenerateGlobalRandomBytes(pRandomData, ulRandomLen);
     return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
 }
 
 /*
  **************************** Key Functions:  ************************
  */
 
+CK_RV
+pk11_pbe_hmac_key_gen(CK_MECHANISM_PTR pMechanism, char *buf, 
+                      unsigned long *len, PRBool faultyPBE3DES)
+{
+    PBEBitGenContext *pbeCx;
+    SECItem pwd, salt, *key;
+    SECOidTag hashAlg;
+    unsigned long keylenbits;
+    CK_PBE_PARAMS *pbe_params = NULL;
+    pbe_params = (CK_PBE_PARAMS *)pMechanism->pParameter;
+    pwd.data = (unsigned char *)pbe_params->pPassword;
+    pwd.len = (unsigned int)pbe_params->ulPasswordLen;
+    salt.data = (unsigned char *)pbe_params->pSalt;
+    salt.len = (unsigned int)pbe_params->ulSaltLen;
+    switch (pMechanism->mechanism) {
+    case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
+	hashAlg = SEC_OID_SHA1; keylenbits = 160; break;
+    case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
+	hashAlg = SEC_OID_MD5;  keylenbits = 128; break;
+    case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
+	hashAlg = SEC_OID_MD2;  keylenbits = 128; break;
+    default:
+	return CKR_MECHANISM_INVALID;
+    }
+    pbeCx = PBE_CreateContext(hashAlg, pbeBitGenIntegrityKey, &pwd,
+                              &salt, keylenbits, pbe_params->ulIteration);
+    key = PBE_GenerateBits(pbeCx);
+    PORT_Memcpy(buf, key->data, key->len);
+    *len = key->len;
+    PBE_DestroyContext(pbeCx);
+    SECITEM_ZfreeItem(key, PR_TRUE);
+    return CKR_OK;
+}
+
 /*
  * generate a password based encryption key. This code uses
  * PKCS5 to do the work. Note that it calls PBE_PK11ParamToAlgid, which is
  * a utility function in secpkcs5.c.  This function is used in here
  * and in PK11_ParamToAlgid.
  */
 CK_RV
 pk11_pbe_key_gen(SECOidTag algtag,CK_MECHANISM_PTR pMechanism,
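Review bot: pk11_pbe_hmac_key_gen dereferences `pMechanism->pParameter`, the result of `PBE_CreateContext` and the result of `PBE_GenerateBits` without a NULL check, so a mechanism passed with no parameter, or an allocation failure, crashes inside the token. The copy into `buf` is bounded only by `key->len`, and the function receives no buffer size. In NSC_GenerateKey the `sizeof(buf) < key_length` test runs before this call, while `key_length` is still 0 for these mechanisms, so the generated length should be checked against the caller's buffer here or right after the call. `faultyPBE3DES` is unused, and the function could be `static` if nothing outside this file calls it (not visible here).

```c
    pbe_params = (CK_PBE_PARAMS *)pMechanism->pParameter;
    if (pbe_params == NULL) {
	return CKR_MECHANISM_PARAM_INVALID;
    }
    /* … unchanged: pwd/salt setup and the mechanism switch … */
    pbeCx = PBE_CreateContext(hashAlg, pbeBitGenIntegrityKey, &pwd,
                              &salt, keylenbits, pbe_params->ulIteration);
    if (pbeCx == NULL) {
	return CKR_HOST_MEMORY;
    }
    key = PBE_GenerateBits(pbeCx);
    if (key == NULL) {
	PBE_DestroyContext(pbeCx);
	return CKR_HOST_MEMORY;
    }
    /* … unchanged: copy into buf, set *len, destroy context, zero and free key … */
```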
@@ -3027,24 +3063,24 @@ nsc_SetupPBEKeyGen(CK_MECHANISM_TYPE mec
 CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession,
     CK_MECHANISM_PTR pMechanism,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,
     						CK_OBJECT_HANDLE_PTR phKey)
 {
     PK11Object *key;
     PK11Session *session;
     PRBool checkWeak = PR_FALSE;
     CK_ULONG key_length = 0;
-    CK_KEY_TYPE key_type;
+    CK_KEY_TYPE key_type = -1;
     CK_OBJECT_CLASS objclass = CKO_SECRET_KEY;
     CK_RV crv = CKR_OK;
     CK_BBOOL cktrue = CK_TRUE;
     int i;
     PK11Slot *slot = pk11_SlotFromSessionHandle(hSession);
     char buf[MAX_KEY_LEN];
-    enum {pk11_pbe, pk11_ssl, pk11_bulk} key_gen_type;
+    enum {pk11_pbe, pk11_pbe_hmac, pk11_ssl, pk11_bulk} key_gen_type;
     SECOidTag algtag = SEC_OID_UNKNOWN;
     SSL3RSAPreMasterSecret *rsa_pms;
     CK_VERSION *version;
     /* in very old versions of NSS, there were implementation errors with key 
      * generation methods.  We want to beable to read these, but not 
      * produce them any more.  The affected algorithm was 3DES.
      */
     PRBool faultyPBE3DES = PR_FALSE;
@@ -3099,16 +3135,22 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE 
 	break;
     case CKM_SSL3_PRE_MASTER_KEY_GEN:
 	key_type = CKK_GENERIC_SECRET;
 	key_length = 48;
 	key_gen_type = pk11_ssl;
 	break;
     case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
 	faultyPBE3DES = PR_TRUE;
+    case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
+    case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
+    case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
+	key_gen_type = pk11_pbe_hmac;
+	key_type = CKK_GENERIC_SECRET;
+	break;
     case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
     case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
     case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
     case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
     case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
     case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
     case CKM_PBE_SHA1_DES3_EDE_CBC:
     case CKM_PBE_SHA1_DES2_EDE_CBC:
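Review bot: The three new case labels are inserted between `case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:` and the PBE cases it used to fall through to, and they end in `break`. The faulty-3DES mechanism therefore sets `faultyPBE3DES = PR_TRUE` and then gets `key_gen_type = pk11_pbe_hmac`, but pk11_pbe_hmac_key_gen has no case for it and returns CKR_MECHANISM_INVALID. Move the new labels, their two assignments and the `break` above `case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:`, and mark the remaining intentional fall-through with `/* fall through */`. The switch continues outside the hunk.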
@@ -3131,20 +3173,28 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE 
     if (sizeof(buf) < key_length) {
 	/* someone is getting pretty optimistic about how big their key can
 	 * be... */
         crv = CKR_TEMPLATE_INCONSISTENT;
     }
 
     if (crv != CKR_OK) { pk11_FreeObject(key); return crv; }
 
+    /* if there was no error,
+     * key_type *MUST* be set in the switch statement above */
+    PORT_Assert( key_type != -1 );
+
     /*
      * now to the actual key gen.
      */
     switch (key_gen_type) {
+    case pk11_pbe_hmac:
+	crv = pk11_pbe_hmac_key_gen(pMechanism, buf, &key_length,
+	                            faultyPBE3DES);
+	break;
     case pk11_pbe:
 	crv = pk11_pbe_key_gen(algtag, pMechanism, buf, &key_length,
 			       faultyPBE3DES);
 	break;
     case pk11_ssl:
 	rsa_pms = (SSL3RSAPreMasterSecret *)buf;
 	version = (CK_VERSION *)pMechanism->pParameter;
 	rsa_pms->client_version[0] = version->major;
--- a/security/nss/lib/softoken/pkcs11t.h
+++ b/security/nss/lib/softoken/pkcs11t.h
@@ -1107,16 +1107,19 @@ typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTR
 #define CKM_NETSCAPE_PBE_KEY_GEN		0x80000001L
 #define CKM_NETSCAPE_PBE_SHA1_DES_CBC		0x80000002L
 #define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC	0x80000003L
 #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC	0x80000004L
 #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC	0x80000005L
 #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4	0x80000006L
 #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4	0x80000007L
 #define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC	0x80000008L
+#define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN      0x80000009L
+#define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN       0x8000000aL
+#define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN       0x8000000bL
 #define CKM_TLS_MASTER_KEY_DERIVE		0x80000371L
 #define CKM_TLS_KEY_AND_MAC_DERIVE		0x80000372L
 #define CKM_TLS_PRF_GENERAL                     0x80000373L
 #define CKM_SSL3_MASTER_KEY_DERIVE_DH		0x80000374L
 #define CKM_TLS_MASTER_KEY_DERIVE_DH		0x80000375L
 
 /* define used to pass in the database key for DSA private keys */
 #define CKA_NETSCAPE_DB				0xD5A0DB00L
--- a/security/nss/lib/softoken/pkcs11u.c
+++ b/security/nss/lib/softoken/pkcs11u.c
@@ -744,16 +744,27 @@ pk11_DestroyObject(PK11Object *object)
 	/* remove the objects from the real data base */
 	    switch (object->handle & PK11_TOKEN_TYPE_MASK) {
 	      case PK11_TOKEN_TYPE_PRIV:
 		/* KEYID is the public KEY for DSA and DH, and the MODULUS for
 		 *  RSA */
 		crv=pk11_Attribute2SecItem(NULL,&pubKey,object,CKA_NETSCAPE_DB);
 		if (crv != CKR_OK) break;
 		rv = SECKEY_DeleteKey(SECKEY_GetDefaultKeyDB(), &pubKey);
+		if (rv != SECSuccess && pubKey.data[0] == 0) {
+		    /* Because of legacy code issues, sometimes the public key
+		     * has a '0' prepended to it, forcing it to be unsigned.
+	             * The database may not store that '0', so remove it and
+		     * try again.
+		     */
+		    SECItem tmpPubKey;
+		    tmpPubKey.data = pubKey.data + 1;
+		    tmpPubKey.len = pubKey.len - 1;
+		    rv = SECKEY_DeleteKey(SECKEY_GetDefaultKeyDB(), &tmpPubKey);
+		}
 		if (rv != SECSuccess) crv= CKR_DEVICE_ERROR;
 		break;
 	      case PK11_TOKEN_TYPE_CERT:
 		rv = SEC_DeletePermCertificate((CERTCertificate *)object->objectInfo);
 		if (rv != SECSuccess) crv = CKR_DEVICE_ERROR;
 		break;
 	    }
 	}
--- a/security/nss/lib/softoken/private.h
+++ b/security/nss/lib/softoken/private.h
@@ -45,16 +45,18 @@
 /*
  * Handle structure for open key databases
  */
 struct SECKEYKeyDBHandleStr {
     DB *db;
     DB *updatedb;		/* used when updating an old version */
     SECItem *global_salt;	/* password hashing salt for this db */
     int version;		/* version of the database */
+    char *dbname;		/* name of the openned DB */
+    PRBool readOnly;		/* is the DB read only */
 };
 
 /*
 ** Typedef for callback for traversing key database.
 **      "key" is the key used to index the data in the database (nickname)
 **      "data" is the key data
 **      "pdata" is the user's data 
 */
--- a/security/nss/lib/ssl/manifest.mn
+++ b/security/nss/lib/ssl/manifest.mn
@@ -55,17 +55,16 @@ CSRCS = \
 	ssl3con.c \
 	ssl3gthr.c \
 	sslauth.c \
 	sslcon.c \
 	ssldef.c \
 	sslenum.c \
 	sslerr.c \
 	sslgathr.c \
-	sslmutex.c \
 	sslnonce.c \
 	sslreveal.c \
 	sslsecur.c \
 	sslsnce.c \
 	sslsock.c \
 	ssltrace.c \
 	sslver.c \
 	authcert.c \
--- a/security/nss/lib/ssl/ssl.def
+++ b/security/nss/lib/ssl/ssl.def
@@ -100,18 +100,8 @@ SSL_SetURL;
 ;+*;
 ;+};
 ;+NSS_3.2.1 {       # NSS 3.2.1 release
 ;+    global:
 NSSSSL_VersionCheck;
 ;+    local:
 ;+*;
 ;+};
-;+NSS_3.3 {         # NSS 3.3   release
-;+    global:
-;+#   We have not yet decided whether these functions will be exported
-;-#   in the final 3.3 release, so please treat them as exported private
-;-#   functions for now.
-SSL_GetMaxServerCacheLocks;
-SSL_SetMaxServerCacheLocks;
-;+    local:
-;+*;
-;+};
--- a/security/nss/lib/ssl/ssl.h
+++ b/security/nss/lib/ssl/ssl.h
@@ -46,16 +46,18 @@
 #include "keyt.h"
 
 #if defined(_WIN32) && !defined(IN_LIBSSL) && !defined(NSS_USE_STATIC_LIBS)
 #define SSL_IMPORT extern __declspec(dllimport)
 #else
 #define SSL_IMPORT extern
 #endif
 
+SEC_BEGIN_PROTOS
+
 /* constant table enumerating all implemented SSL 2 and 3 cipher suites. */
 SSL_IMPORT const PRUint16 SSL_ImplementedCiphers[];
 
 /* number of entries in the above table. */
 SSL_IMPORT const PRUint16 SSL_NumImplementedCiphers;
 
 /* Macro to tell which ciphers in table are SSL2 vs SSL3/TLS. */
 #define SSL_IS_SSL2_CIPHER(which) (((which) & 0xfff0) == 0xff00)
@@ -72,19 +74,16 @@ typedef struct SSL3StatisticsStr {
     long hsh_sid_cache_not_ok;
 
     /* statistics from ssl3_HandleClientHello (hch) */
     long hch_sid_cache_hits;
     long hch_sid_cache_misses;
     long hch_sid_cache_not_ok;
 } SSL3Statistics;
 
-SEC_BEGIN_PROTOS
-
-
 /*
 ** Imports fd into SSL, returning a new socket.  Copies SSL configuration
 ** from model.
 */
 SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
 
 /*
 ** Enable/disable an ssl mode
@@ -294,27 +293,16 @@ SSL_IMPORT SECStatus SSL_ConfigServerSes
 ** This function sets up a Server Session ID (SID) cache that is safe for
 ** access by multiple processes on the same system.
 */
 SSL_IMPORT SECStatus SSL_ConfigMPServerSIDCache(int      maxCacheEntries, 
 				                PRUint32 timeout,
 			       	                PRUint32 ssl3_timeout, 
 		                          const char *   directory);
 
-/* Get and set the configured maximum number of mutexes used for the 
-** server's store of SSL sessions.  This value is used by the server 
-** session ID cache initialization functions shown above.  Note that on 
-** some platforms, these mutexes are actually implemented with POSIX 
-** semaphores, or with unnamed pipes.  The default value varies by platform.
-** An attempt to set a too-low maximum will return an error and the 
-** configured value will not be changed.
-*/
-SSL_IMPORT PRUint32  SSL_GetMaxServerCacheLocks(void);
-SSL_IMPORT SECStatus SSL_SetMaxServerCacheLocks(PRUint32 maxLocks);
-
 /* environment variable set by SSL_ConfigMPServerSIDCache, and queried by
  * SSL_InheritMPServerSIDCache when envString is NULL.
  */
 #define SSL_ENV_VAR_NAME            "SSL_INHERITANCE"
 
 /* called in child to inherit SID Cache variables. 
  * If envString is NULL, this function will use the value of the environment
  * variable "SSL_INHERITANCE", otherwise the string value passed in will be 
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -2600,17 +2600,18 @@ ssl3_SendClientHello(sslSocket *ss)
 	*/
 	if (sidOK && sid->u.ssl3.clAuthValid) {
 	    slot = SECMOD_LookupSlot(sid->u.ssl3.clAuthModuleID,
 	                             sid->u.ssl3.clAuthSlotID);
 	    if (slot == NULL ||
 	        !PK11_IsPresent(slot) ||
 		sid->u.ssl3.clAuthSeries     != PK11_GetSlotSeries(slot) ||
 		sid->u.ssl3.clAuthSlotID     != PK11_GetSlotID(slot)     ||
-		sid->u.ssl3.clAuthModuleID   != PK11_GetModuleID(slot)   ) {
+		sid->u.ssl3.clAuthModuleID   != PK11_GetModuleID(slot)   ||
+                !PK11_IsLoggedIn(slot, NULL)) {
 	        sidOK = PR_FALSE;
 	    }
 	    if (slot) {
 		PK11_FreeSlot(slot);
 		slot = NULL;
 	    }
 	}
 
--- a/security/nss/lib/ssl/sslcon.c
+++ b/security/nss/lib/ssl/sslcon.c
@@ -1568,16 +1568,17 @@ ssl2_CreateSessionCypher(sslSocket *ss, 
     sec->secretKeyBits = sid->u.ssl2.secretKeyBits;
     goto done;
 
   loser:
     if (sec->destroy) {
 	if (readcx)  (*sec->destroy)(readcx, PR_TRUE);
 	if (writecx) (*sec->destroy)(writecx, PR_TRUE);
     }
+    sec->destroy = NULL;
     if (slot) PK11_FreeSlot(slot);
 
   sec_loser:
     rv = SECFailure;
 
   done:
     SECITEM_ZfreeItem(rk, PR_FALSE);
     SECITEM_ZfreeItem(wk, PR_FALSE);
@@ -2526,17 +2527,17 @@ ssl2_HandleMessage(sslSocket *ss)
 
     case SSL_MT_SERVER_FINISHED:
 	if (ci->elements & CIS_HAVE_FINISHED) {
 	    SSL_DBG(("%d: SSL[%d]: dup server-finished message",
 		     SSL_GETPID(), ss->fd));
 	    goto bad_peer;
 	}
 
-	if (gs->recordLen - 1 != SSL2_SESSIONID_BYTES) {
+	if (gs->recordLen - 1 != SSL_SESSIONID_BYTES) {
 	    SSL_DBG(("%d: SSL[%d]: bad server-finished message, len=%d",
 		     SSL_GETPID(), ss->fd, gs->recordLen));
 	    goto bad_peer;
 	}
 	ssl2_ClientRegSessionID(ss, data+1);
 	SSL_TRC(5, ("%d: SSL[%d]: got server finished, waiting for 0x%d",
 		    SSL_GETPID(), ss->fd, ci->requiredElements ^ ci->elements));
 	ci->elements |= CIS_HAVE_FINISHED;
@@ -2971,17 +2972,34 @@ ssl2_BeginClientHandshake(sslSocket *ss)
      */
     rv = ssl2_CheckConfigSanity(ss);
     if (rv != SECSuccess)
 	goto loser;
 
     /* Get peer name of server */
     rv = ssl_GetPeerInfo(ss);
     if (rv < 0) {
+#ifdef HPUX11
+        /*
+         * On some HP-UX B.11.00 systems, getpeername() occasionally
+         * fails with ENOTCONN after a successful completion of
+         * non-blocking connect.  I found that if we do a write()
+         * and then retry getpeername(), it will work.
+         */
+        if (PR_GetError() == PR_NOT_CONNECTED_ERROR) {
+            char dummy;
+            (void) PR_Write(ss->fd->lower, &dummy, 0);
+            rv = ssl_GetPeerInfo(ss);
+            if (rv < 0) {
+                goto loser;
+            }
+        }
+#else
 	goto loser;
+#endif
     }
 
     SSL_TRC(3, ("%d: SSL[%d]: sending client-hello", SSL_GETPID(), ss->fd));
 
     /* Try to find server in our session-id cache */
     if (ss->noCache) {
 	sid = NULL;
     } else {
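Review bot: On HPUX11 builds the unconditional `goto loser;` now sits in the `#else` branch, so when `ssl_GetPeerInfo` fails with any error other than PR_NOT_CONNECTED_ERROR the code leaves the `if (rv < 0)` block and continues the handshake without peer information. Close the inner test with `} else { goto loser; }`, or keep only the write-and-retry inside the `#ifdef` and follow the `#endif` with `if (rv < 0) goto loser;`. The function continues outside the hunk.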
@@ -3544,17 +3562,17 @@ ssl2_HandleClientHelloMessage(sslSocket 
 	    goto loser;
 	}
 	sid->references = 1;
 	sid->addr = ci->peer;
 	sid->port = ci->port;
 
 	/* Invent a session-id */
 	ci->sid = sid;
-	PK11_GenerateRandom(sid->u.ssl2.sessionID+2, SSL2_SESSIONID_BYTES-2);
+	PK11_GenerateRandom(sid->u.ssl2.sessionID+2, SSL_SESSIONID_BYTES-2);
 
 	pid = SSL_GETPID();
 	sid->u.ssl2.sessionID[0] = MSB(pid);
 	sid->u.ssl2.sessionID[1] = LSB(pid);
 	cert = ss->serverCert[kt_rsa]->derCert.data;
 	certLen = ss->serverCert[kt_rsa]->derCert.len;
     }
 
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@@ -108,17 +108,17 @@ typedef enum { SSLAppOpRead = 0,
 	       SSLAppOpRDWR,
 	       SSLAppOpPost,
 	       SSLAppOpHeader
 } SSLAppOperation;
 
 #define SSL_MIN_MASTER_KEY_BYTES	5
 #define SSL_MAX_MASTER_KEY_BYTES	64
 
-#define SSL2_SESSIONID_BYTES		16
+#define SSL_SESSIONID_BYTES		16
 #define SSL3_SESSIONID_BYTES		32
 
 #define SSL_MIN_CHALLENGE_BYTES		16
 #define SSL_MAX_CHALLENGE_BYTES		32
 #define SSL_CHALLENGE_BYTES		16
 
 #define SSL_CONNECTIONID_BYTES		16
 
@@ -203,17 +203,17 @@ struct sslBufferStr {
     unsigned int 	len;
     unsigned int 	space;
 };
 
 /*
 ** SSL3 cipher suite policy and preference struct.
 */
 typedef struct {
-#if !defined(_WIN32)
+#ifdef AIX
     unsigned int    cipher_suite : 16;
     unsigned int    policy       :  8;
     unsigned int    enabled      :  1;
     unsigned int    isPresent    :  1;
 #else
     ssl3CipherSuite cipher_suite;
     PRUint8         policy;
     unsigned char   enabled   : 1;
@@ -706,17 +706,17 @@ struct sslSessionIDStr {
 
     PRUint32              time;
     Cached                cached;
     int                   references;
 
     union {
 	struct {
 	    /* the V2 code depends upon the size of sessionID.  */
-	    unsigned char         sessionID[SSL2_SESSIONID_BYTES];
+	    unsigned char         sessionID[SSL_SESSIONID_BYTES];
 
 	    /* Stuff used to recreate key and read/write cipher objects */
 	    SECItem               masterKey;
 	    int                   cipherType;
 	    SECItem               cipherArg;
 	    int                   keyBits;
 	    int                   secretKeyBits;
 	} ssl2;
@@ -1242,18 +1242,15 @@ ssl_EmulateSendFile( PRFileDesc *       
 #define SSL_TRACE(msg)
 #endif
 
 void ssl_Trace(const char *format, ...);
 
 SEC_END_PROTOS
 
 
-#if defined(XP_UNIX)
+#ifdef XP_UNIX
 #define SSL_GETPID() getpid()
-#elif defined(WIN32)
-/* #define SSL_GETPID() GetCurrentProcessId() */
-#define SSL_GETPID() _getpid()
 #else
 #define SSL_GETPID() 0
 #endif
 
 #endif /* __sslimpl_h_ */
--- a/security/nss/lib/ssl/sslnonce.c
+++ b/security/nss/lib/ssl/sslnonce.c
@@ -39,19 +39,17 @@
 #include "cert.h"
 #include "secitem.h"
 #include "ssl.h"
 
 #include "sslimpl.h"
 #include "sslproto.h"
 #include "nssilock.h"
 #include "nsslocks.h"
-#if defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS)
-#include <time.h>
-#endif
+
 
 PRUint32 ssl_sid_timeout = 100;
 PRUint32 ssl3_sid_timeout = 86400L; /* 24 hours */
 
 static sslSessionID *cache;
 static PZLock *      cacheLock;
 
 /* sids can be in one of 4 states:
@@ -334,24 +332,19 @@ SSL_ClearSessionCache(void)
 	UncacheSID(cache);
     UNLOCK_CACHE;
 }
 
 /* returns an unsigned int containing the number of seconds in PR_Now() */
 PRUint32
 ssl_Time(void)
 {
-    PRUint32 myTime;
-#if defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS)
-    myTime = time(NULL);	/* accurate until the year 2038. */
-#else
-    /* portable, but possibly slower */
     PRTime now;
     PRInt64 ll;
+    PRUint32 time;
 
     now = PR_Now();
     LL_I2L(ll, 1000000L);
     LL_DIV(now, now, ll);
-    LL_L2UI(myTime, now);
-#endif
-    return myTime;
+    LL_L2UI(time, now);
+    return time;
 }
 
--- a/security/nss/lib/ssl/sslsecur.c
+++ b/security/nss/lib/ssl/sslsecur.c
@@ -930,22 +930,16 @@ ssl_SecureClose(sslSocket *ss)
     int rv;
 
     if (ss->version >= SSL_LIBRARY_VERSION_3_0 	&&
     	ss->firstHsDone 			&& 
 	!(ss->shutdownHow & ssl_SHUTDOWN_SEND)	&&
 	!ss->recvdCloseNotify                   &&
 	(ss->ssl3 != NULL)) {
 
-	/* We don't want the final alert to be Nagle delayed. */
-	if (!ss->delayDisabled) {
-	    ssl_EnableNagleDelay(ss, PR_FALSE);
-	    ss->delayDisabled = 1;
-	}
-
 	(void) SSL3_SendAlert(ss, alert_warning, close_notify);
     }
     rv = ssl_DefClose(ss);
     return rv;
 }
 
 /* Caller handles all locking */
 int
@@ -1234,17 +1228,17 @@ SSL_GetSessionID(PRFileDesc *fd)
     if (ss) {
 	ssl_Get1stHandshakeLock(ss);
 	ssl_GetSSL3HandshakeLock(ss);
 
 	if (ss->useSecurity && ss->firstHsDone && ss->sec && ss->sec->ci.sid) {
 	    sid = ss->sec->ci.sid;
 	    item = (SECItem *)PORT_Alloc(sizeof(SECItem));
 	    if (sid->version < SSL_LIBRARY_VERSION_3_0) {
-		item->len = SSL2_SESSIONID_BYTES;
+		item->len = SSL_SESSIONID_BYTES;
 		item->data = (unsigned char*)PORT_Alloc(item->len);
 		PORT_Memcpy(item->data, sid->u.ssl2.sessionID, item->len);
 	    } else {
 		item->len = sid->u.ssl3.sessionIDLength;
 		item->data = (unsigned char*)PORT_Alloc(item->len);
 		PORT_Memcpy(item->data, sid->u.ssl3.sessionID, item->len);
 	    }
 	}
--- a/security/nss/lib/ssl/sslsnce.c
+++ b/security/nss/lib/ssl/sslsnce.c
@@ -38,485 +38,814 @@
 /* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server 
  * cache sids!
  *
  * About record locking among different server processes:
  *
  * All processes that are part of the same conceptual server (serving on 
  * the same address and port) MUST share a common SSL session cache. 
  * This code makes the content of the shared cache accessible to all
- * processes on the same "server".  This code works on Unix and Win32 only.
+ * processes on the same "server".  This code works on Unix and Win32 only,
+ * and is platform specific. 
  *
- * We use NSPR anonymous shared memory and move data to & from shared memory.
- * We must do explicit locking of the records for all reads and writes.
- * The set of Cache entries are divided up into "sets" of 128 entries. 
- * Each set is protected by a lock.  There may be one or more sets protected
- * by each lock.  That is, locks to sets are 1:N.
- * There is one lock for the entire cert cache.
- * There is one lock for the set of wrapped sym wrap keys.
+ * Unix: Multiple processes share a single (inherited) FD for a disk 
+ * file all share one single file position.  If one lseeks, the position for 
+ * all processes is changed.  Since the set of platforms we support do not 
+ * all share portable lseek-and-read or lseek-and-write functions, a global 
+ * lock must be used to make the lseek call and the subsequent read or write 
+ * call be one atomic operation.  It is no longer necessary for cache element 
+ * sizes to be a power of 2, or a multiple of a sector size.
  *
- * The anonymous shared memory is laid out as if it were declared like this:
+ * For Win32, where (a) disk I/O is not atomic, and (b) we use memory-mapped
+ * files and move data to & from memory instead of calling read or write,
+ * we must do explicit locking of the records for all reads and writes.
+ * We have just one lock, for the entire file, using an NT semaphore.
+ * We avoid blocking on "local threads" since it's bad to block on a local 
+ * thread - If NSPR offered portable semaphores, it would handle this itself.
  *
- * struct {
- *     cacheDescriptor          desc;
- *     sidCacheLock             sidCacheLocks[ numSIDCacheLocks];
- *     sidCacheLock             keyCacheLock;
- *     sidCacheLock             certCacheLock;
- *     sidCacheSet              sidCacheSets[ numSIDCacheSets ];
- *     sidCacheEntry            sidCacheData[ numSIDCacheEntries];
- *     certCacheEntry           certCacheData[numCertCacheEntries];
- *     SSLWrappedSymWrappingKey keyCacheData[kt_kea_size][SSL_NUM_WRAP_MECHS];
- * } sharedMemCacheData;
+ * Since this file has to do lots of platform specific I/O, the system
+ * dependent error codes need to be mapped back into NSPR error codes.
+ * Since NSPR's error mapping functions are private, the code is necessarily
+ * duplicated in libSSL.
+ *
+ * Note, now that NSPR provides portable anonymous shared memory, for all
+ * platforms except Mac, the implementation below should be replaced with 
+ * one that uses anonymous shared memory ASAP.  This will eliminate most 
+ * platform dependent code in this file, and improve performance big time.
+ *
+ * Now that NSPR offers portable cross-process locking (semaphores) on Unix
+ * and Win32, semaphores should be used here for all platforms.
  */
 #include "nssrenam.h"
 #include "seccomon.h"
 
 #if defined(XP_UNIX) || defined(XP_WIN32)
+#ifndef NADA_VERISON
 
 #include "cert.h"
 #include "ssl.h"
 #include "sslimpl.h"
 #include "sslproto.h"
 #include "pk11func.h"
 #include "base64.h"
 
 #include <stdio.h>
 
 #ifdef XP_UNIX
 
 #include <syslog.h>
 #include <fcntl.h>
 #include <unistd.h>
 #include <errno.h>
-#include <signal.h>
 #include "unix_err.h"
 
 #else /* XP_WIN32 */
+#ifdef MC_HTTPD
+#include <ereport.h>
+#endif /* MC_HTTPD */
 #include <wtypes.h>
 #include "win32err.h"
 #endif /* XP_WIN32 */
 #include <sys/types.h>
 
 #define SET_ERROR_CODE /* reminder */
 
 #include "nspr.h"
 #include "nsslocks.h"
-#include "sslmutex.h"
+
+static PZLock *cacheLock;
 
 /*
-** Format of a cache entry in the shared memory.
+** The server session-id cache uses a simple flat cache. The cache is
+** sized during initialization. We hash the ip-address + session-id value
+** into an index into the cache and do the lookup. No buckets, nothing
+** fancy.
+*/
+
+static PRBool isMultiProcess  = PR_FALSE;
+
+static PRUint32 numSIDCacheEntries  = 10000; 
+static PRUint32 sidCacheFileSize;
+static PRUint32 sidCacheWrapOffset;
+
+static PRUint32 numCertCacheEntries = 250;
+static PRUint32 certCacheFileSize;
+
+#define MIN_CERT_CACHE_ENTRIES 125 /* the effective size in old releases. */
+
+
+/*
+** Format of a cache entry.
 */ 
-struct sidCacheEntryStr {
-/* 16 */    PRIPv6Addr  addr;	/* client's IP address */
-/*  4 */    PRUint32    time;	/* expiration time of this entry */
-/*  2 */    PRUint16	version;
-/*  1 */    PRUint8	valid;
-/*  1 */    PRUint8     sessionIDLength;
-/* 32 */    PRUint8     sessionID[SSL3_SESSIONID_BYTES];
-/* 56  - common header total */
+typedef struct SIDCacheEntryStr SIDCacheEntry;
+struct SIDCacheEntryStr {
+    PRIPv6Addr addr;
+    PRUint32 time;
 
     union {
 	struct {
-/* 64 */    PRUint8	masterKey[SSL_MAX_MASTER_KEY_BYTES];
-/* 32 */    PRUint8	cipherArg[SSL_MAX_CYPHER_ARG_BYTES];
+	    /* This is gross.  We have to have version and valid in both arms
+	     * of the union for alignment reasons.  This probably won't work
+	     * on a 64-bit machine. XXXX
+	     */
+/*  2 */    uint16        version;
+/*  1 */    unsigned char valid;
+/*  1 */    unsigned char cipherType;
 
-/*  1 */    PRUint8	cipherType;
-/*  1 */    PRUint8	masterKeyLen;
-/*  1 */    PRUint8	keyBits;
-/*  1 */    PRUint8	secretKeyBits;
-/*  1 */    PRUint8	cipherArgLen;
-/*101 */} ssl2;
+/* 16 */    unsigned char sessionID[SSL_SESSIONID_BYTES];
+/* 64 */    unsigned char masterKey[SSL_MAX_MASTER_KEY_BYTES];
+/* 32 */    unsigned char cipherArg[SSL_MAX_CYPHER_ARG_BYTES];
+
+/*  1 */    unsigned char masterKeyLen;
+/*  1 */    unsigned char keyBits;
+
+/*  1 */    unsigned char secretKeyBits;
+/*  1 */    unsigned char cipherArgLen;
+/*120 */} ssl2;
 
 	struct {
-/*  2 */    ssl3CipherSuite  cipherSuite;
-/*  2 */    PRUint16    compression; 	/* SSL3CompressionMethod */
+/*  2 */    uint16           version;
+/*  1 */    unsigned char    valid;
+/*  1 */    uint8            sessionIDLength;
 
-/*122 */    ssl3SidKeys keys;	/* keys and ivs, wrapped as needed. */
-/*  1 */    PRUint8     hasFortezza;
-/*  1 */    PRUint8     resumable;
+/* 32 */    unsigned char    sessionID[SSL3_SESSIONID_BYTES];
+
+/*  2 */    ssl3CipherSuite  cipherSuite;
+/*  2 */    uint16           compression; 	/* SSL3CompressionMethod */
 
-/*  4 */    PRUint32    masterWrapMech; 
-/*  4 */    SSL3KEAType exchKeyType;
-/*  4 */    PRInt32     certIndex;
-/*140 */} ssl3;
-#if defined(LINUX)
+/*122 */    ssl3SidKeys      keys;	/* keys and ivs, wrapped as needed. */
+/*  4 */    PRUint32         masterWrapMech; 
+/*  4 */    SSL3KEAType      exchKeyType;
+
+/*  2 */    int16            certIndex;
+/*  1 */    uint8            hasFortezza;
+/*  1 */    uint8            resumable;
+	} ssl3;
+	/* We can't make this struct fit in 128 bytes 
+	 * so, force the struct size up to the next power of two.
+	 */
 	struct {
-	    PRUint8     filler[144];	
-	} forceSize;
-#endif
+	    unsigned char filler[256 - sizeof(PRIPv6Addr) - sizeof(PRUint32)];
+	} force256;
     } u;
 };
-typedef struct sidCacheEntryStr sidCacheEntry;
+
 
+typedef struct CertCacheEntryStr CertCacheEntry;
 
 /* The length of this struct is supposed to be a power of 2, e.g. 4KB */
-struct certCacheEntryStr {
-    PRUint16    certLength;				/*    2 */
-    PRUint16    sessionIDLength;			/*    2 */
-    PRUint8 	sessionID[SSL3_SESSIONID_BYTES];	/*   32 */
-    PRUint8 	cert[SSL_MAX_CACHED_CERT_LEN];		/* 4060 */
+struct CertCacheEntryStr {
+    uint16        certLength;				/*    2 */
+    uint16        sessionIDLength;			/*    2 */
+    unsigned char sessionID[SSL3_SESSIONID_BYTES];	/*   32 */
+    unsigned char cert[SSL_MAX_CACHED_CERT_LEN];	/* 4060 */
 };						/* total   4096 */
-typedef struct certCacheEntryStr certCacheEntry;
-
-struct sidCacheLockStr {
-    PRUint32	timeStamp;
-    sslMutex	mutex;
-    sslPID	pid;
-};
-typedef struct sidCacheLockStr sidCacheLock;
-
-struct sidCacheSetStr {
-    PRIntn	next;
-};
-typedef struct sidCacheSetStr sidCacheSet;
-
-struct cacheDescStr {
-
-    PRUint32            sharedMemSize;
-
-    PRUint32		numSIDCacheLocks;
-    PRUint32		numSIDCacheSets;
-    PRUint32		numSIDCacheSetsPerLock;
-
-    PRUint32            numSIDCacheEntries; 
-    PRUint32            sidCacheSize;
 
-    PRUint32            numCertCacheEntries;
-    PRUint32            certCacheSize;
 
-    PRUint32            numKeyCacheEntries;
-    PRUint32            keyCacheSize;
-
-    PRUint32		ssl2Timeout;
-    PRUint32		ssl3Timeout;
-
-    /* These values are volatile, and are accessed through sharedCache-> */
-    PRUint32		nextCertCacheEntry;	/* certCacheLock protects */
-    PRBool      	stopPolling;
-
-    /* The private copies of these values are pointers into shared mem */
-    /* The copies of these values in shared memory are merely offsets */
-    sidCacheLock    *          sidCacheLocks;
-    sidCacheLock    *          keyCacheLock;
-    sidCacheLock    *          certCacheLock;
-    sidCacheSet     *          sidCacheSets;
-    sidCacheEntry   *          sidCacheData;
-    certCacheEntry  *          certCacheData;
-    SSLWrappedSymWrappingKey * keyCacheData;
-
-    /* Only the private copies of these pointers are valid */
-    char *                     sharedMem;
-    struct cacheDescStr *      sharedCache;  /* shared copy of this struct */
-    PRFileMap *                cacheMemMap;
-    PRThread  *                poller;
-};
-typedef struct cacheDescStr cacheDesc;
-
-static cacheDesc globalCache;
+static void IOError(int rv, char *type);
+static PRUint32 Offset(const PRIPv6Addr *addr, unsigned char *s, unsigned nl);
+static void Invalidate(SIDCacheEntry *sce);
+/************************************************************************/
 
 static const char envVarName[] = { SSL_ENV_VAR_NAME };
 
-static PRBool isMultiProcess  = PR_FALSE;
-
+#ifdef _WIN32
 
-#define DEF_SID_CACHE_ENTRIES  10000
-#define DEF_CERT_CACHE_ENTRIES 250
-#define MIN_CERT_CACHE_ENTRIES 125 /* the effective size in old releases. */
-#define DEF_KEY_CACHE_ENTRIES  250
+struct winInheritanceStr {
+    PRUint32 numSIDCacheEntries;
+    PRUint32 sidCacheFileSize;
+    PRUint32 sidCacheWrapOffset;
+    PRUint32 numCertCacheEntries;
+    PRUint32 certCacheFileSize;
 
-#define SID_CACHE_ENTRIES_PER_SET  128
-#define SID_ALIGNMENT          16
+    DWORD         parentProcessID;
+    HANDLE        parentProcessHandle;
+    HANDLE        SIDCacheFDMAP;
+    HANDLE        certCacheFDMAP;
+    HANDLE        svrCacheSem;
+};
+typedef struct winInheritanceStr winInheritance;
 
-#define DEF_SSL2_TIMEOUT	100   /* seconds */
-#define MAX_SSL2_TIMEOUT	100   /* seconds */
-#define MIN_SSL2_TIMEOUT	  5   /* seconds */
-
-#define DEF_SSL3_TIMEOUT      86400L  /* 24 hours */
-#define MAX_SSL3_TIMEOUT      86400L  /* 24 hours */
-#define MIN_SSL3_TIMEOUT          5   /* seconds  */
+static HANDLE svrCacheSem    = INVALID_HANDLE_VALUE;
 
-#if defined(AIX) || defined(LINUX)
-#define MAX_SID_CACHE_LOCKS 8	/* two FDs per lock */
-#elif defined(OSF1)
-#define MAX_SID_CACHE_LOCKS 16	/* one FD per lock */
-#else
-#define MAX_SID_CACHE_LOCKS 256
-#endif
+static char * SIDCacheData    = NULL;
+static HANDLE SIDCacheFD      = INVALID_HANDLE_VALUE;
+static HANDLE SIDCacheFDMAP   = INVALID_HANDLE_VALUE;
 
-#define SID_HOWMANY(val, size) (((val) + ((size) - 1)) / (size))
-#define SID_ROUNDUP(val, size) ((size) * SID_HOWMANY((val), (size)))
+static char * certCacheData   = NULL;
+static HANDLE certCacheFD     = INVALID_HANDLE_VALUE;
+static HANDLE certCacheFDMAP  = INVALID_HANDLE_VALUE;
 
-
-static sslPID myPid;
-static PRUint32  ssl_max_sid_cache_locks = MAX_SID_CACHE_LOCKS;
+static PRUint32 myPid;
 
-/* forward static function declarations */
-static void IOError(int rv, char *type);
-static PRUint32 SIDindex(cacheDesc *cache, const PRIPv6Addr *addr, PRUint8 *s, unsigned nl);
-static SECStatus LaunchLockPoller(cacheDesc *cache);
-
-
-
+/* The presence of the TRUE element in this struct makes the semaphore 
+ * inheritable. The NULL means use process's default security descriptor. 
+ */
+static SECURITY_ATTRIBUTES semaphoreAttributes = 
+				{ sizeof(SECURITY_ATTRIBUTES), NULL, TRUE };
 
-struct inheritanceStr {
-    PRUint32 sharedMemSize;
-    PRUint16 fmStrLen;
-};
+static SECURITY_ATTRIBUTES sidCacheFDMapAttributes = 
+				{ sizeof(SECURITY_ATTRIBUTES), NULL, TRUE };
 
-typedef struct inheritanceStr inheritance;
-
-#ifdef _WIN32
+static SECURITY_ATTRIBUTES certCacheFDMapAttributes = 
+				{ sizeof(SECURITY_ATTRIBUTES), NULL, TRUE };
 
 #define DEFAULT_CACHE_DIRECTORY "\\temp"
 
+static SECStatus
+createServerCacheSemaphore(void)
+{
+    PR_ASSERT(svrCacheSem == INVALID_HANDLE_VALUE);
+
+    /* inheritable, starts signalled, 1 signal max, no file name. */
+    svrCacheSem = CreateSemaphore(&semaphoreAttributes, 1, 1, NULL);
+    if (svrCacheSem == NULL) {
+	svrCacheSem = INVALID_HANDLE_VALUE;
+	/* We could get the error code, but what could be do with it ? */
+	nss_MD_win32_map_default_error(GetLastError());
+    	return SECFailure;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+_getServerCacheSemaphore(void)
+{
+    DWORD     event;
+    DWORD     lastError;
+    SECStatus rv;
+
+    PR_ASSERT(svrCacheSem != INVALID_HANDLE_VALUE);
+    if (svrCacheSem == INVALID_HANDLE_VALUE &&
+    	SECSuccess   != createServerCacheSemaphore()) {
+	return SECFailure;	/* what else ? */
+    }
+    event = WaitForSingleObject(svrCacheSem, INFINITE);
+    switch (event) {
+    case WAIT_OBJECT_0:
+    case WAIT_ABANDONED:
+	rv = SECSuccess;
+    	break;
+
+    case WAIT_TIMEOUT:
+    case WAIT_IO_COMPLETION:
+    default: 		/* should never happen. nothing we can do. */
+	PR_ASSERT(("WaitForSingleObject returned invalid value.", 0));
+	/* fall thru */
+
+    case WAIT_FAILED:		/* failure returns this */
+	rv = SECFailure;
+	lastError = GetLastError();	/* for debugging */
+	nss_MD_win32_map_default_error(lastError);
+	break;
+    }
+    return rv;
+}
+
+static void
+_doGetServerCacheSemaphore(void * arg)
+{
+    SECStatus * rv = (SECStatus *)arg;
+    *rv = _getServerCacheSemaphore();
+}
+
+static SECStatus
+getServerCacheSemaphore(void)
+{
+    PRThread *    selectThread;
+    PRThread *    me    	= PR_GetCurrentThread();
+    PRThreadScope scope 	= PR_GetThreadScope(me);
+    SECStatus     rv    	= SECFailure;
+
+    if (scope == PR_GLOBAL_THREAD) {
+        rv = _getServerCacheSemaphore();
+    } else {
+        selectThread = PR_CreateThread(PR_USER_THREAD,
+				       _doGetServerCacheSemaphore, &rv,
+				       PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+				       PR_JOINABLE_THREAD, 0);
+        if (selectThread != NULL) {
+	    /* rv will be set by _doGetServerCacheSemaphore() */
+	    PR_JoinThread(selectThread);
+        }
+    }
+    return rv;
+}
+
+static SECStatus
+releaseServerCacheSemaphore(void)
+{
+    BOOL success = FALSE;
+
+    PR_ASSERT(svrCacheSem != INVALID_HANDLE_VALUE);
+    if (svrCacheSem != INVALID_HANDLE_VALUE) {
+	/* Add 1, don't want previous value. */
+	success = ReleaseSemaphore(svrCacheSem, 1, NULL);
+    }
+    if (!success) {
+	nss_MD_win32_map_default_error(GetLastError());
+	return SECFailure;
+    }
+    return SECSuccess;
+}
+
+static void
+destroyServerCacheSemaphore(void)
+{
+    PR_ASSERT(svrCacheSem != INVALID_HANDLE_VALUE);
+    if (svrCacheSem != INVALID_HANDLE_VALUE) {
+	CloseHandle(svrCacheSem);
+	/* ignore error */
+	svrCacheSem = INVALID_HANDLE_VALUE;
+    }
+}
+
+#define GET_SERVER_CACHE_READ_LOCK(fd, offset, size) \
+    if (isMultiProcess) getServerCacheSemaphore();
+
+#define GET_SERVER_CACHE_WRITE_LOCK(fd, offset, size) \
+    if (isMultiProcess) getServerCacheSemaphore();
+
+#define RELEASE_SERVER_CACHE_LOCK(fd, offset, size) \
+    if (isMultiProcess) releaseServerCacheSemaphore();
+
 #endif /* _win32 */
 
+/************************************************************************/
+
 #ifdef XP_UNIX
+static int    SIDCacheFD      = -1;
+static int    certCacheFD     = -1;
+
+static pid_t  myPid;
+
+struct unixInheritanceStr {
+    PRUint32 numSIDCacheEntries;
+    PRUint32 sidCacheFileSize;
+    PRUint32 sidCacheWrapOffset;
+    PRUint32 numCertCacheEntries;
+    PRUint32 certCacheFileSize;
+
+    PRInt32  SIDCacheFD;
+    PRInt32  certCacheFD;
+};
+
+typedef struct unixInheritanceStr unixInheritance;
+
 
 #define DEFAULT_CACHE_DIRECTORY "/tmp"
 
+#ifdef TRACE
+static void 
+fcntlFailed(struct flock *lock) 
+{
+    fprintf(stderr,
+    "fcntl failed, errno = %d, PR_GetError = %d, lock.l_type = %d\n",
+	errno, PR_GetError(), lock->l_type);
+    fflush(stderr);
+}
+#define FCNTL_FAILED(lock) fcntlFailed(lock)
+#else
+#define FCNTL_FAILED(lock) 
+#endif
+
+/* NOTES:  Because there are no atomic seek-and-read and seek-and-write
+** functions that are supported on all our UNIX platforms, we need
+** to prevent all simultaeous seek-and-read operations.  For that reason,
+** we use mutually exclusive (write) locks for read and write operations,
+** and use them all at the same offset (zero).
+*/
+static SECStatus
+_getServerCacheLock(int fd, short type, PRUint32 offset, PRUint32 size)
+{
+    int          result;
+    struct flock lock;
+
+    memset(&lock, 0, sizeof lock);
+    lock.l_type   = /* type */ F_WRLCK;
+    lock.l_whence = SEEK_SET;	/* absolute file offsets. */
+    lock.l_start  = 0;
+    lock.l_len    = 128;
+
+#ifdef TRACE
+    if (ssl_trace) {
+	fprintf(stderr, "%d: %s lock, offset %8x, size %4d\n", myPid,
+	    (type == F_RDLCK) ? "read " : "write", offset, size);
+	fflush(stderr);
+    }
+#endif
+    result = fcntl(fd, F_SETLKW, &lock);
+    if (result == -1) {
+        nss_MD_unix_map_default_error(errno);
+	FCNTL_FAILED(&lock);
+    	return SECFailure;
+    }
+#ifdef TRACE
+    if (ssl_trace) {
+	fprintf(stderr, "%d:   got lock, offset %8x, size %4d\n", 
+	    myPid, offset, size);
+	fflush(stderr);
+    }
+#endif
+    return SECSuccess;
+}
+
+typedef struct sslLockArgsStr {
+    PRUint32    offset;
+    PRUint32    size;
+    PRErrorCode err;
+    SECStatus   rv;
+    int         fd;
+    short       type;
+} sslLockArgs;
+
+static void
+_doGetServerCacheLock(void * arg)
+{
+    sslLockArgs * args = (sslLockArgs *)arg;
+    args->rv = _getServerCacheLock(args->fd, args->type, args->offset, 
+				   args->size );
+    if (args->rv != SECSuccess) {
+	args->err = PR_GetError();
+    }
+}
+
+static SECStatus
+getServerCacheLock(int fd, short type, PRUint32 offset, PRUint32 size)
+{
+    PRThread *    selectThread;
+    PRThread *    me    	= PR_GetCurrentThread();
+    PRThreadScope scope 	= PR_GetThreadScope(me);
+    SECStatus     rv    	= SECFailure;
+
+    if (scope == PR_GLOBAL_THREAD) {
+        rv = _getServerCacheLock(fd, type, offset, size);
+    } else {
+	/* Ib some platforms, one thread cannot read local/automatic 
+	** variables from another thread's stack.  So, get this space
+	** from the heap, not the stack.
+	*/
+	sslLockArgs * args = PORT_New(sslLockArgs);
+
+	if (!args)
+	    return rv;
+
+	args->offset = offset;
+	args->size   = size;
+	args->rv     = SECFailure;
+	args->fd     = fd;
+	args->type   = type;
+        selectThread = PR_CreateThread(PR_USER_THREAD,
+				       _doGetServerCacheLock, args,
+				       PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+				       PR_JOINABLE_THREAD, 0);
+        if (selectThread != NULL) {
+	    /* rv will be set by _doGetServerCacheLock() */
+	    PR_JoinThread(selectThread);
+	    rv = args->rv;
+	    if (rv != SECSuccess) {
+		PORT_SetError(args->err);
+	    }
+        }
+	PORT_Free(args);
+    }
+    return rv;
+}
+
+static SECStatus
+releaseServerCacheLock(int fd, PRUint32 offset, PRUint32 size)
+{
+    int          result;
+    struct flock lock;
+
+    memset(&lock, 0, sizeof lock);
+    lock.l_type   = F_UNLCK;
+    lock.l_whence = SEEK_SET;	/* absolute file offsets. */
+    lock.l_start  = 0;
+    lock.l_len    = 128;
+
+#ifdef TRACE
+    if (ssl_trace) {
+	fprintf(stderr, "%d:     unlock, offset %8x, size %4d\n", 
+	    myPid, offset, size);
+	fflush(stderr);
+    }
+#endif
+    result = fcntl(fd, F_SETLK, &lock);
+    if (result == -1) {
+        nss_MD_unix_map_default_error(errno);
+	FCNTL_FAILED(&lock);
+    	return SECFailure;
+    }
+    return SECSuccess;
+}
+
+
+/* these defines take the arguments needed to do record locking, 
+ * however the present implementation does only file locking.
+ */
+
+#define GET_SERVER_CACHE_READ_LOCK( fd, offset, size) \
+    if (isMultiProcess) getServerCacheLock(fd, F_RDLCK, offset, size);
+
+#define GET_SERVER_CACHE_WRITE_LOCK(fd, offset, size) \
+    if (isMultiProcess) getServerCacheLock(fd, F_WRLCK, offset, size);
+
+#define RELEASE_SERVER_CACHE_LOCK(  fd, offset, size) \
+    if (isMultiProcess) releaseServerCacheLock(fd, offset, size);
+
+/*
+** Zero a file out to nb bytes
+*/
+static SECStatus 
+ZeroFile(int fd, int nb)
+{
+    off_t off;
+    int amount, rv;
+    char buf[16384];
+
+    PORT_Memset(buf, 0, sizeof(buf));
+    off = lseek(fd, 0, SEEK_SET);
+    if (off != 0) {
+	if (off == -1) 
+	    nss_MD_unix_map_lseek_error(errno);
+    	else
+	    PORT_SetError(PR_FILE_SEEK_ERROR);
+    	return SECFailure;
+    }
+
+    while (nb > 0) {
+	amount = (nb > sizeof buf) ? sizeof buf : nb;
+	rv = write(fd, buf, amount);
+	if (rv <= 0) {
+	    if (!rv)
+	    	PORT_SetError(PR_IO_ERROR);
+	    else
+		nss_MD_unix_map_write_error(errno);
+	    IOError(rv, "zero-write");
+	    return SECFailure;
+	}
+	nb -= rv;
+    }
+    return SECSuccess;
+}
+
 #endif /* XP_UNIX */
 
 
 /************************************************************************/
 
-static void 
-IOError(int rv, char *type)
-{
-#ifdef XP_UNIX
-    syslog(LOG_ALERT,
-	   "SSL: %s error with session-id cache, pid=%d, rv=%d, error='%m'",
-	   type, myPid, rv);
-#else /* XP_WIN32 */
-    /* wish win32 had something like syslog() */
-#endif /* XP_UNIX */
-}
-
-static PRUint32
-LockSidCacheLock(sidCacheLock *lock, PRUint32 now)
+/*
+** Reconstitute a cert from the cache
+** This is only called from ConvertToSID().
+** Caller must hold the cache lock before calling this.
+*/
+static CERTCertificate *
+GetCertFromCache(SIDCacheEntry *sce, CERTCertDBHandle *dbHandle)
 {
-    SECStatus      rv      = sslMutex_Lock(&lock->mutex);
-    if (rv != SECSuccess)
-    	return 0;
-    if (!now)
-	now  = ssl_Time();
-    lock->timeStamp = now;
-    lock->pid       = myPid;
-    return now;
-}
+    CERTCertificate *cert;
+    PRUint32         offset;
+    int              rv;
+#ifdef XP_UNIX
+    off_t            off;
+#endif
+    SECItem          derCert;
+    CertCacheEntry   cce;
 
-static SECStatus
-UnlockSidCacheLock(sidCacheLock *lock)
-{
-    SECStatus      rv;
+    offset = (PRUint32)sce->u.ssl3.certIndex * sizeof(CertCacheEntry);
+    GET_SERVER_CACHE_READ_LOCK(certCacheFD, offset, sizeof(CertCacheEntry));
+#ifdef XP_UNIX
+    off = lseek(certCacheFD, offset, SEEK_SET);
+    rv = -1;
+    if (off != offset) {
+	if (off == -1) 
+	    nss_MD_unix_map_lseek_error(errno);
+	else 
+	    PORT_SetError(PR_FILE_SEEK_ERROR);
+    } else {
+	rv = read(certCacheFD, &cce, sizeof(CertCacheEntry));
+	if (rv != sizeof(CertCacheEntry)) {
+	    if (rv == -1)
+		nss_MD_unix_map_read_error(errno);
+	    else
+	    	PORT_SetError(PR_IO_ERROR);
+	}
+    }
+#else /* XP_WIN32 */
+    /* Use memory mapped I/O and just memcpy() the data */
+    CopyMemory(&cce, &certCacheData[offset], sizeof(CertCacheEntry));
+    rv = sizeof cce;
+#endif /* XP_WIN32 */
+    RELEASE_SERVER_CACHE_LOCK(certCacheFD, offset, sizeof(CertCacheEntry))
 
-    lock->pid = 0;
-    rv        = sslMutex_Unlock(&lock->mutex);
-    return rv;
+    if (rv != sizeof(CertCacheEntry)) {
+	IOError(rv, "read");	/* error set above */
+	return NULL;
+    }
+
+    /* See if the session ID matches with that in the sce cache. */
+    if((cce.sessionIDLength != sce->u.ssl3.sessionIDLength) ||
+       PORT_Memcmp(cce.sessionID, sce->u.ssl3.sessionID, cce.sessionIDLength)) {
+        /* this is a cache miss, not an error */
+	PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND);
+	return NULL;
+    }
+
+    derCert.len  = cce.certLength;
+    derCert.data = cce.cert;
+
+    cert = CERT_NewTempCertificate(dbHandle, &derCert, NULL,
+				   PR_FALSE, PR_TRUE);
+
+    return cert;
 }
 
-/* returns the value of ssl_Time on success, zero on failure. */
-static PRUint32
-LockSet(cacheDesc *cache, PRUint32 set, PRUint32 now)
+/* Put a certificate in the cache.  We assume that the certIndex in
+** sid is valid.
+*/
+static void
+CacheCert(CERTCertificate *cert, SIDCacheEntry *sce)
 {
-    PRUint32       lockNum = set % cache->numSIDCacheLocks;
-    sidCacheLock * lock    = cache->sidCacheLocks + lockNum;
-
-    return LockSidCacheLock(lock, now);
-}
-
-static SECStatus
-UnlockSet(cacheDesc *cache, PRUint32 set)
-{
-    PRUint32       lockNum = set % cache->numSIDCacheLocks;
-    sidCacheLock * lock    = cache->sidCacheLocks + lockNum;
-
-    return UnlockSidCacheLock(lock);
-}
+    PRUint32       offset;
+    CertCacheEntry cce;
+#ifdef XP_UNIX
+    off_t          off;
+    int            rv;
+#endif
 
-/************************************************************************/
-
-
-/* Put a certificate in the cache.  Update the cert index in the sce.
-*/
-static PRUint32
-CacheCert(cacheDesc * cache, CERTCertificate *cert, sidCacheEntry *sce)
-{
-    PRUint32        now;
-    certCacheEntry  cce;
-
-    if ((cert->derCert.len > SSL_MAX_CACHED_CERT_LEN) ||
-        (cert->derCert.len <= 0) ||
-	(cert->derCert.data == NULL)) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return 0;
-    }
-
-    cce.sessionIDLength = sce->sessionIDLength;
-    PORT_Memcpy(cce.sessionID, sce->sessionID, cce.sessionIDLength);
+    offset = (PRUint32)sce->u.ssl3.certIndex * sizeof(CertCacheEntry);
+    if (cert->derCert.len > SSL_MAX_CACHED_CERT_LEN)
+	return;
+    
+    cce.sessionIDLength = sce->u.ssl3.sessionIDLength;
+    PORT_Memcpy(cce.sessionID, sce->u.ssl3.sessionID, cce.sessionIDLength);
 
     cce.certLength = cert->derCert.len;
     PORT_Memcpy(cce.cert, cert->derCert.data, cce.certLength);
 
-    /* get lock on cert cache */
-    now = LockSidCacheLock(cache->certCacheLock, 0);
-    if (now) {
-
-	/* Find where to place the next cert cache entry. */
-	cacheDesc * sharedCache = cache->sharedCache;
-	PRUint32    ndx         = sharedCache->nextCertCacheEntry;
-
-	/* write the entry */
-	cache->certCacheData[ndx] = cce;
+    GET_SERVER_CACHE_WRITE_LOCK(certCacheFD, offset, sizeof cce);
+#ifdef XP_UNIX
+    off = lseek(certCacheFD, offset, SEEK_SET);
+    if (off != offset) {
+	if (off == -1) 
+	    nss_MD_unix_map_lseek_error(errno);
+	else 
+	    PORT_SetError(PR_FILE_SEEK_ERROR);
+    } else {
+	rv = write(certCacheFD, &cce, sizeof cce);
+	if (rv != sizeof(CertCacheEntry)) {
+	    if (rv == -1)
+		nss_MD_unix_map_write_error(errno);
+	    else
+	    	PORT_SetError(PR_IO_ERROR);
+	    IOError(rv, "cert-write");
+	    Invalidate(sce);
+	}
+    }
+#else /* WIN32 */
+    /* Use memory mapped I/O and just memcpy() the data */
+    CopyMemory(&certCacheData[offset], &cce, sizeof cce);
+#endif /* XP_UNIX */
 
-	/* remember where we put it. */
-	sce->u.ssl3.certIndex = ndx;
-
-	/* update the "next" cache entry index */
-	sharedCache->nextCertCacheEntry = 
-					(ndx + 1) % cache->numCertCacheEntries;
-
-	UnlockSidCacheLock(cache->certCacheLock);
-    }
-    return now;
-
+    RELEASE_SERVER_CACHE_LOCK(certCacheFD, offset, sizeof cce);
+    return;
 }
 
 /*
 ** Convert memory based SID to file based one
 */
 static void 
-ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
+ConvertFromSID(SIDCacheEntry *to, sslSessionID *from)
 {
-    to->valid   = 1;
-    to->version = from->version;
-    to->addr    = from->addr;
-    to->time    = from->time;
+    to->u.ssl2.valid = 1;
+    to->u.ssl2.version = from->version;
+    to->addr = from->addr;
+    to->time = from->time;
 
     if (from->version < SSL_LIBRARY_VERSION_3_0) {
 	if ((from->u.ssl2.masterKey.len > SSL_MAX_MASTER_KEY_BYTES) ||
 	    (from->u.ssl2.cipherArg.len > SSL_MAX_CYPHER_ARG_BYTES)) {
 	    SSL_DBG(("%d: SSL: masterKeyLen=%d cipherArgLen=%d",
 		     myPid, from->u.ssl2.masterKey.len,
 		     from->u.ssl2.cipherArg.len));
-	    to->valid = 0;
+	    to->u.ssl2.valid = 0;
 	    return;
 	}
 
 	to->u.ssl2.cipherType    = from->u.ssl2.cipherType;
 	to->u.ssl2.masterKeyLen  = from->u.ssl2.masterKey.len;
 	to->u.ssl2.cipherArgLen  = from->u.ssl2.cipherArg.len;
 	to->u.ssl2.keyBits       = from->u.ssl2.keyBits;
 	to->u.ssl2.secretKeyBits = from->u.ssl2.secretKeyBits;
-	to->sessionIDLength      = SSL2_SESSIONID_BYTES;
-	PORT_Memcpy(to->sessionID, from->u.ssl2.sessionID, SSL2_SESSIONID_BYTES);
+	PORT_Memcpy(to->u.ssl2.sessionID, from->u.ssl2.sessionID,
+		  sizeof(to->u.ssl2.sessionID));
 	PORT_Memcpy(to->u.ssl2.masterKey, from->u.ssl2.masterKey.data,
 		  from->u.ssl2.masterKey.len);
 	PORT_Memcpy(to->u.ssl2.cipherArg, from->u.ssl2.cipherArg.data,
 		  from->u.ssl2.cipherArg.len);
 #ifdef DEBUG
 	PORT_Memset(to->u.ssl2.masterKey+from->u.ssl2.masterKey.len, 0,
 		  sizeof(to->u.ssl2.masterKey) - from->u.ssl2.masterKey.len);
 	PORT_Memset(to->u.ssl2.cipherArg+from->u.ssl2.cipherArg.len, 0,
 		  sizeof(to->u.ssl2.cipherArg) - from->u.ssl2.cipherArg.len);
 #endif
 	SSL_TRC(8, ("%d: SSL: ConvertSID: masterKeyLen=%d cipherArgLen=%d "
 		    "time=%d addr=0x%08x%08x%08x%08x cipherType=%d", myPid,
 		    to->u.ssl2.masterKeyLen, to->u.ssl2.cipherArgLen,
-		    to->time, to->addr.pr_s6_addr32[0],
+		    to->time, to->addr.pr_s6_addr32[0], 
 		    to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2],
 		    to->addr.pr_s6_addr32[3], to->u.ssl2.cipherType));
     } else {
 	/* This is an SSL v3 session */
 
+	to->u.ssl3.sessionIDLength  = from->u.ssl3.sessionIDLength;
 	to->u.ssl3.cipherSuite      = from->u.ssl3.cipherSuite;
 	to->u.ssl3.compression      = (uint16)from->u.ssl3.compression;
 	to->u.ssl3.resumable        = from->u.ssl3.resumable;
 	to->u.ssl3.hasFortezza      = from->u.ssl3.hasFortezza;
 	to->u.ssl3.keys             = from->u.ssl3.keys;
 	to->u.ssl3.masterWrapMech   = from->u.ssl3.masterWrapMech;
 	to->u.ssl3.exchKeyType      = from->u.ssl3.exchKeyType;
-	to->sessionIDLength         = from->u.ssl3.sessionIDLength;
-	to->u.ssl3.certIndex        = -1;
 
-	PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID,
-		    to->sessionIDLength);
+	PORT_Memcpy(to->u.ssl3.sessionID, 
+	            from->u.ssl3.sessionID,
+		    from->u.ssl3.sessionIDLength);
 
-	SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x "
-	            "cipherSuite=%d",
+	SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x cipherSuite=%d",
 		    myPid, to->time, to->addr.pr_s6_addr32[0],
 		    to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2],
 		    to->addr.pr_s6_addr32[3], to->u.ssl3.cipherSuite));
     }
 }
 
 /*
 ** Convert file based cache-entry to memory based one
 ** This is only called from ServerSessionIDLookup().
 ** Caller must hold cache lock when calling this.
 */
 static sslSessionID *
-ConvertToSID(sidCacheEntry *from, certCacheEntry *pcce, 
-             CERTCertDBHandle * dbHandle)
+ConvertToSID(SIDCacheEntry *from, CERTCertDBHandle * dbHandle)
 {
     sslSessionID *to;
-    uint16 version = from->version;
+    uint16 version = from->u.ssl2.version;
 
     to = (sslSessionID*) PORT_ZAlloc(sizeof(sslSessionID));
     if (!to) {
 	return 0;
     }
 
     if (version < SSL_LIBRARY_VERSION_3_0) {
 	/* This is an SSL v2 session */
 	to->u.ssl2.masterKey.data =
 	    (unsigned char*) PORT_Alloc(from->u.ssl2.masterKeyLen);
 	if (!to->u.ssl2.masterKey.data) {
 	    goto loser;
 	}
 	if (from->u.ssl2.cipherArgLen) {
-	    to->u.ssl2.cipherArg.data = 
-	    	(unsigned char*)PORT_Alloc(from->u.ssl2.cipherArgLen);
+	    to->u.ssl2.cipherArg.data = (unsigned char*)
+		PORT_Alloc(from->u.ssl2.cipherArgLen);
 	    if (!to->u.ssl2.cipherArg.data) {
 		goto loser;
 	    }
 	    PORT_Memcpy(to->u.ssl2.cipherArg.data, from->u.ssl2.cipherArg,
-		        from->u.ssl2.cipherArgLen);
+		      from->u.ssl2.cipherArgLen);
 	}
 
 	to->u.ssl2.cipherType    = from->u.ssl2.cipherType;
 	to->u.ssl2.masterKey.len = from->u.ssl2.masterKeyLen;
 	to->u.ssl2.cipherArg.len = from->u.ssl2.cipherArgLen;
 	to->u.ssl2.keyBits       = from->u.ssl2.keyBits;
 	to->u.ssl2.secretKeyBits = from->u.ssl2.secretKeyBits;
-/*	to->sessionIDLength      = SSL2_SESSIONID_BYTES; */
-	PORT_Memcpy(to->u.ssl2.sessionID, from->sessionID, SSL2_SESSIONID_BYTES);
+	PORT_Memcpy(to->u.ssl2.sessionID, from->u.ssl2.sessionID,
+		  sizeof from->u.ssl2.sessionID);
 	PORT_Memcpy(to->u.ssl2.masterKey.data, from->u.ssl2.masterKey,
-		    from->u.ssl2.masterKeyLen);
+		  from->u.ssl2.masterKeyLen);
 
 	SSL_TRC(8, ("%d: SSL: ConvertToSID: masterKeyLen=%d cipherArgLen=%d "
 		    "time=%d addr=0x%08x%08x%08x%08x cipherType=%d",
 		    myPid, to->u.ssl2.masterKey.len,
-		    to->u.ssl2.cipherArg.len, to->time,
+		    to->u.ssl2.cipherArg.len, to->time, 
 		    to->addr.pr_s6_addr32[0], to->addr.pr_s6_addr32[1],
-		    to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3],
+		    to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3], 
 		    to->u.ssl2.cipherType));
     } else {
 	/* This is an SSL v3 session */
 
-	to->u.ssl3.sessionIDLength  = from->sessionIDLength;
+	to->u.ssl3.sessionIDLength  = from->u.ssl3.sessionIDLength;
 	to->u.ssl3.cipherSuite      = from->u.ssl3.cipherSuite;
 	to->u.ssl3.compression      = (SSL3CompressionMethod)from->u.ssl3.compression;
 	to->u.ssl3.resumable        = from->u.ssl3.resumable;
 	to->u.ssl3.hasFortezza      = from->u.ssl3.hasFortezza;
 	to->u.ssl3.keys             = from->u.ssl3.keys;
 	to->u.ssl3.masterWrapMech   = from->u.ssl3.masterWrapMech;
 	to->u.ssl3.exchKeyType      = from->u.ssl3.exchKeyType;
 
-	PORT_Memcpy(to->u.ssl3.sessionID, from->sessionID, from->sessionIDLength);
+	PORT_Memcpy(to->u.ssl3.sessionID, 
+	            from->u.ssl3.sessionID,
+		    from->u.ssl3.sessionIDLength);
 
 	/* the portions of the SID that are only restored on the client
 	 * are set to invalid values on the server.
 	 */
 	to->u.ssl3.clientWriteKey   = NULL;
 	to->u.ssl3.serverWriteKey   = NULL;
 	to->u.ssl3.tek              = NULL;
 	to->urlSvrName              = NULL;
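Review bot: The added GetCertFromCache uses lengths read back from the cert cache without validating them: `derCert.len = cce.certLength` is never compared with `SSL_MAX_CACHED_CERT_LEN`, although `certLength` is a 16-bit field and `cce.cert` holds only 4060 bytes per the struct comment. With a corrupted or tampered entry, `CERT_NewTempCertificate` could be handed a length that runs past the stack copy. A guard before `derCert` is filled in, such as `if (cce.certLength == 0 || cce.certLength > SSL_MAX_CACHED_CERT_LEN) { PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND); return NULL; }`, would turn that case into a cache miss. The `PORT_Memcmp` just above has the same problem and should first check `cce.sessionIDLength <= sizeof cce.sessionID`. `sce->u.ssl3.certIndex` is also multiplied into `offset` with no comparison against `numCertCacheEntries`, which matters most on the Win32 path, where `CopyMemory` reads `certCacheData[offset]` directly.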
@@ -529,988 +858,1098 @@ ConvertToSID(sidCacheEntry *from, certCa
 
 	to->u.ssl3.clAuthModuleID   = (SECMODModuleID)-1; /* invalid value */
 	to->u.ssl3.clAuthSlotID     = (CK_SLOT_ID)-1;     /* invalid value */
 	to->u.ssl3.clAuthSeries     = 0;
 	to->u.ssl3.clAuthValid      = PR_FALSE;
 
 	to->u.ssl3.clientWriteSaveLen = 0;
 
-	if (from->u.ssl3.certIndex != -1 && pcce) {
-	    SECItem          derCert;
-
-	    derCert.len  = pcce->certLength;
-	    derCert.data = pcce->cert;
-
-	    to->peerCert = CERT_NewTempCertificate(dbHandle, &derCert, NULL,
-					           PR_FALSE, PR_TRUE);
+	if (from->u.ssl3.certIndex != -1) {
+	    to->peerCert = GetCertFromCache(from, dbHandle);
 	    if (to->peerCert == NULL)
 		goto loser;
 	}
     }
 
-    to->version    = from->version;
-    to->time       = from->time;	/* XXX ??? is expiration time */
+    to->version    = from->u.ssl2.version;
+    to->time       = from->time;
     to->cached     = in_server_cache;
     to->addr       = from->addr;
     to->references = 1;
     
     return to;
 
   loser:
+    Invalidate(from);
     if (to) {
 	if (version < SSL_LIBRARY_VERSION_3_0) {
 	    if (to->u.ssl2.masterKey.data)
 		PORT_Free(to->u.ssl2.masterKey.data);
 	    if (to->u.ssl2.cipherArg.data)
 		PORT_Free(to->u.ssl2.cipherArg.data);
 	}
 	PORT_Free(to);
     }
     return NULL;
 }
 
 
+/* Invalidate a SID cache entry. 
+ * Called from CacheCert, ConvertToSid, and ServerSessionIDUncache. 
+ */
+static void 
+Invalidate(SIDCacheEntry *sce)
+{
+    PRUint32	offset;
+#ifdef XP_UNIX
+    off_t	off;
+    int 	rv;
+#endif
+
+    if (sce == NULL) return;
+
+    if (sce->u.ssl2.version < SSL_LIBRARY_VERSION_3_0) {
+	offset = Offset(&sce->addr, sce->u.ssl2.sessionID,
+			sizeof sce->u.ssl2.sessionID); 
+    } else {
+	offset = Offset(&sce->addr, sce->u.ssl3.sessionID,
+			sce->u.ssl3.sessionIDLength); 
+    }
+	
+    sce->u.ssl2.valid = 0;
+    SSL_TRC(7, ("%d: SSL: uncaching session-id at offset %ld",
+		    myPid, offset));
+
+    GET_SERVER_CACHE_WRITE_LOCK(SIDCacheFD, offset, sizeof *sce);
+
+#ifdef XP_UNIX
+    off = lseek(SIDCacheFD, offset, SEEK_SET);
+    if (off != offset) {
+	if (off == -1) 
+	    nss_MD_unix_map_lseek_error(errno);
+	else 
+	    PORT_SetError(PR_FILE_SEEK_ERROR);
+    } else {
+	rv = write(SIDCacheFD, sce, sizeof *sce);
+	if (rv != sizeof *sce) {
+	    if (rv == -1)
+		nss_MD_unix_map_write_error(errno);
+	    else
+	    	PORT_SetError(PR_IO_ERROR);
+	    IOError(rv, "invalidate-write");
+    	}
+    }
+#else /* WIN32 */
+    /* Use memory mapped I/O and just memcpy() the data */
+    CopyMemory(&SIDCacheData[offset], sce, sizeof *sce);
+#endif /* XP_UNIX */
+
+    RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof *sce);
+}
+
+
+static void 
+IOError(int rv, char *type)
+{
+#ifdef XP_UNIX
+    syslog(LOG_ALERT,
+	   "SSL: %s error with session-id cache, pid=%d, rv=%d, error='%m'",
+	   type, myPid, rv);
+#else /* XP_WIN32 */
+#ifdef MC_HTTPD 
+    ereport(LOG_FAILURE, "%s error with session-id cache rv=%d\n",type, rv);
+#endif /* MC_HTTPD */
+#endif /* XP_UNIX */
+}
+
+static void 
+lock_cache(void)
+{
+    PZ_Lock(cacheLock);
+}
+
+static void 
+unlock_cache(void)
+{
+    PZ_Unlock(cacheLock);
+}
 
 /*
 ** Perform some mumbo jumbo on the ip-address and the session-id value to
 ** compute a hash value.
 */
 static PRUint32 
-SIDindex(cacheDesc *cache, const PRIPv6Addr *addr, PRUint8 *s, unsigned nl)
+Offset(const PRIPv6Addr *addr, unsigned char *s, unsigned nl)
 {
     PRUint32 rv;
-    PRUint32 x[8];
 
-    memset(x, 0, sizeof x);
-    if (nl > sizeof x)
-    	nl = sizeof x;
-    memcpy(x, s, nl);
-
-    rv = (addr->pr_s6_addr32[0] ^ addr->pr_s6_addr32[1] ^
-	  addr->pr_s6_addr32[2] ^ addr->pr_s6_addr32[3] ^
-          x[0] ^ x[1] ^ x[2] ^ x[3] ^ x[4] ^ x[5] ^ x[6] ^ x[7])
-	  % cache->numSIDCacheSets;
-    return rv;
+    rv = addr->pr_s6_addr32[3] ^ (((PRUint32)s[0] << 24) | ((PRUint32)s[1] << 16)
+		 | (s[2] << 8) | s[nl-1]);
+    return (rv % numSIDCacheEntries) * sizeof(SIDCacheEntry);
 }
 
 
 
 /*
 ** Look something up in the cache. This will invalidate old entries
-** in the process. Caller has locked the cache set!
+** in the process. Caller has locked the cache!
 ** Returns PR_TRUE if found a valid match.  PR_FALSE otherwise.
 */
-static sidCacheEntry *
-FindSID(cacheDesc *cache, PRUint32 setNum, PRUint32 now,
-        const PRIPv6Addr *addr, unsigned char *sessionID,
-	unsigned sessionIDLength)
+static PRBool 
+FindSID(const PRIPv6Addr *addr, unsigned char *sessionID,
+	unsigned sessionIDLength, SIDCacheEntry *sce)
 {
-    PRUint32      ndx   = cache->sidCacheSets[setNum].next;
-    int           i;
-
-    sidCacheEntry * set = cache->sidCacheData + 
-    			 (setNum * SID_CACHE_ENTRIES_PER_SET);
-
-    for (i = SID_CACHE_ENTRIES_PER_SET; i > 0; --i) {
-	sidCacheEntry * sce;
-
-	ndx  = (ndx - 1) % SID_CACHE_ENTRIES_PER_SET;
-	sce = set + ndx;
-
-	if (!sce->valid)
-	    continue;
+    PRUint32      offset;
+    PRUint32      now;
+    int           rv;
+#ifdef XP_UNIX
+    off_t         off;
+#endif
 
-	if (now > sce->time) {
-	    /* SessionID has timed out. Invalidate the entry. */
-	    SSL_TRC(7, ("%d: timed out sid entry addr=%08x%08x%08x%08x now=%x "
-			"time+=%x",
-			myPid, sce->addr.pr_s6_addr32[0],
-			sce->addr.pr_s6_addr32[1], sce->addr.pr_s6_addr32[2],
-			sce->addr.pr_s6_addr32[3], now,
-			sce->time + ssl_sid_timeout));
-	    sce->valid = 0;
-	    continue;
-	}
+    /* Read in cache entry after hashing ip address and session-id value */
+    offset = Offset(addr, sessionID, sessionIDLength); 
+    now = ssl_Time();
+    GET_SERVER_CACHE_READ_LOCK(SIDCacheFD, offset, sizeof *sce);
+#ifdef XP_UNIX
+    off = lseek(SIDCacheFD, offset, SEEK_SET);
+    rv = -1;
+    if (off != offset) {
+	if (off == -1) 
+	    nss_MD_unix_map_lseek_error(errno);
+	else 
+	    PORT_SetError(PR_FILE_SEEK_ERROR);
+    } else {
+	rv = read(SIDCacheFD, sce, sizeof *sce);
+	if (rv != sizeof *sce) {
+	    if (rv == -1) 
+		nss_MD_unix_map_read_error(errno);
+	    else 
+		PORT_SetError(PR_IO_ERROR);
+    	}
+    }
+#else /* XP_WIN32 */
+    /* Use memory mapped I/O and just memcpy() the data */
+    CopyMemory(sce, &SIDCacheData[offset], sizeof *sce);
+    rv = sizeof *sce;
+#endif /* XP_WIN32 */
+    RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof *sce);
 
-	/*
-	** Next, examine specific session-id/addr data to see if the cache
-	** entry matches our addr+session-id value
-	*/
-	if (sessionIDLength == sce->sessionIDLength      &&
-	    !memcmp(&sce->addr, addr, sizeof(PRIPv6Addr)) &&
-	    !memcmp(sce->sessionID, sessionID, sessionIDLength)) {
-	    /* Found it */
-	    return sce;
-	}
+    if (rv != sizeof *sce) {
+	IOError(rv, "server sid cache read");
+	return PR_FALSE;
+    }
+
+    if (!sce->u.ssl2.valid) {
+	/* Entry is not valid */
+	PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND);
+	return PR_FALSE;
     }
 
+    if (((sce->u.ssl2.version < SSL_LIBRARY_VERSION_3_0) &&
+	 (now > sce->time + ssl_sid_timeout)) ||
+	((sce->u.ssl2.version >= SSL_LIBRARY_VERSION_3_0) &&
+	 (now > sce->time + ssl3_sid_timeout))) {
+	/* SessionID has timed out. Invalidate the entry. */
+	SSL_TRC(7, ("%d: timed out sid entry addr=%08x%08x%08x%08x now=%x time+=%x",
+		    myPid, sce->addr.pr_s6_addr32[0],
+		    sce->addr.pr_s6_addr32[1], sce->addr.pr_s6_addr32[2],
+		    sce->addr.pr_s6_addr32[3], now, 
+		    sce->time + ssl_sid_timeout));
+	sce->u.ssl2.valid = 0;
+
+	GET_SERVER_CACHE_WRITE_LOCK(SIDCacheFD, offset, sizeof *sce);
+#ifdef XP_UNIX
+	off = lseek(SIDCacheFD, offset, SEEK_SET);
+	rv = -1;
+	if (off != offset) {
+	    if (off == -1) 
+		nss_MD_unix_map_lseek_error(errno);
+	    else
+	    	PORT_SetError(PR_IO_ERROR);
+	} else {
+	    rv = write(SIDCacheFD, sce, sizeof *sce);
+	    if (rv != sizeof *sce) {
+		if (rv == -1) 
+		    nss_MD_unix_map_write_error(errno);
+		else 
+		    PORT_SetError(PR_IO_ERROR);
+		IOError(rv, "timeout-write");
+	    }
+	}
+#else /* WIN32 */
+	/* Use memory mapped I/O and just memcpy() the data */
+	CopyMemory(&SIDCacheData[offset], sce, sizeof *sce);
+	rv = sizeof *sce;
+#endif /* XP_UNIX */
+	RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof *sce);
+	if (rv == sizeof *sce)
+	    PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND);
+	return PR_FALSE;
+    }
+
+    /*
+    ** Finally, examine specific session-id/addr data to see if the cache
+    ** entry matches our addr+session-id value
+    */
+    if (!memcmp(&sce->addr, addr, sizeof(PRIPv6Addr)) &&
+	(PORT_Memcmp(sce->u.ssl2.sessionID, sessionID, sessionIDLength) == 0)) {
+	/* Found it */
+	return PR_TRUE;
+    }
     PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND);
-    return NULL;
+    return PR_FALSE;
 }
 
 /************************************************************************/
 
 /* This is the primary function for finding entries in the server's sid cache.
  * Although it is static, this function is called via the global function 
  * pointer ssl_sid_lookup.
  */
 static sslSessionID *
-ServerSessionIDLookup(const PRIPv6Addr *addr,
+ServerSessionIDLookup(	const PRIPv6Addr  *addr,
 			unsigned char *sessionID,
 			unsigned int   sessionIDLength,
                         CERTCertDBHandle * dbHandle)
 {
-    sslSessionID *  sid      = 0;
-    sidCacheEntry * psce;
-    certCacheEntry *pcce     = 0;
-    cacheDesc *     cache    = &globalCache;
-    PRUint32        now;
-    PRUint32        set;
-    PRInt32         cndx;
-    sidCacheEntry   sce;
-    certCacheEntry  cce;
-
-    set = SIDindex(cache, addr, sessionID, sessionIDLength);
-    now = LockSet(cache, set, 0);
-    if (!now)
-    	return NULL;
-
-    psce = FindSID(cache, set, now, addr, sessionID, sessionIDLength);
-    if (psce) {
-	if (psce->version >= SSL_LIBRARY_VERSION_3_0 && 
-	    (cndx = psce->u.ssl3.certIndex) != -1) {
-
-	    PRUint32 gotLock = LockSidCacheLock(cache->certCacheLock, now);
-	    if (gotLock) {
-		pcce = &cache->certCacheData[cndx];
+    SIDCacheEntry sce;
+    sslSessionID *sid;
 
-		/* See if the cert's session ID matches the sce cache. */
-		if ((pcce->sessionIDLength == psce->sessionIDLength) &&
-		    !PORT_Memcmp(pcce->sessionID, psce->sessionID, 
-		                 pcce->sessionIDLength)) {
-		    cce = *pcce;
-		} else {
-		    /* The cert doesen't match the SID cache entry, 
-		    ** so invalidate the SID cache entry. 
-		    */
-		    psce->valid = 0;
-		    psce = 0;
-		    pcce = 0;
-		}
-		UnlockSidCacheLock(cache->certCacheLock);
-	    } else {
-		/* what the ??.  Didn't get the cert cache lock.
-		** Don't invalidate the SID cache entry, but don't find it.
-		*/
-		PORT_Assert(!("Didn't get cert Cache Lock!"));
-		psce = 0;
-		pcce = 0;
-	    }
-	}
-	if (psce) {
-	    sce = *psce;	/* grab a copy while holding the lock */
-    	}
+    sid = 0;
+    lock_cache();
+    if (FindSID(addr, sessionID, sessionIDLength, &sce)) {
+	/* Found it. Convert file format to internal format */
+	sid = ConvertToSID(&sce, dbHandle);
     }
-    UnlockSet(cache, set);
-    if (psce) {
-	/* sce conains a copy of the cache entry.
-	** Convert file format to internal format 
-	*/
-	sid = ConvertToSID(&sce, pcce ? &cce : 0, dbHandle);
-    }
+    unlock_cache();
     return sid;
 }
 
 /*
-** Place a sid into the cache, if it isn't already there. 
+** Place an sid into the cache, if it isn't already there. Note that if
+** some other server process has replaced a session-id cache entry that has
+** the same cache index as this sid, then all is ok. Somebody has to lose
+** when this condition occurs, so it might as well be this sid.
 */
 static void 
 ServerSessionIDCache(sslSessionID *sid)
 {
-    sidCacheEntry sce;
-    PRUint32      now     = 0;
-    uint16        version = sid->version;
-    cacheDesc *   cache   = &globalCache;
+    SIDCacheEntry sce;
+    PRUint32      offset;
+#ifdef XP_UNIX
+    off_t         off;
+    int           rv;
+#endif
+    uint16 version = sid->version;
 
     if ((version >= SSL_LIBRARY_VERSION_3_0) &&
 	(sid->u.ssl3.sessionIDLength == 0)) {
 	return;
     }
 
     if (sid->cached == never_cached || sid->cached == invalid_cache) {
-	PRUint32 set;
+	lock_cache();
 
+	sid->time = ssl_Time();
 	if (version < SSL_LIBRARY_VERSION_3_0) {
-	    sid->time = ssl_Time() + ssl_sid_timeout;
 	    SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x%08x%08x%08x time=%x "
-			"cipher=%d", myPid, sid->cached,
+			"cipher=%d", myPid, sid->cached, 
 			sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
 			sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
 			sid->time, sid->u.ssl2.cipherType));
 	    PRINT_BUF(8, (0, "sessionID:", sid->u.ssl2.sessionID,
-			  SSL2_SESSIONID_BYTES));
+			  sizeof(sid->u.ssl2.sessionID)));
 	    PRINT_BUF(8, (0, "masterKey:", sid->u.ssl2.masterKey.data,
 			  sid->u.ssl2.masterKey.len));
 	    PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data,
 			  sid->u.ssl2.cipherArg.len));
 
+	    /* Write out new cache entry */
+	    offset = Offset(&sid->addr, sid->u.ssl2.sessionID,
+			    sizeof(sid->u.ssl2.sessionID)); 
 	} else {
-	    sid->time = ssl_Time() + ssl3_sid_timeout;
 	    SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x%08x%08x%08x time=%x "
-			"cipherSuite=%d", myPid, sid->cached,
+			"cipherSuite=%d", myPid, sid->cached, 
 			sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
-			sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
+			sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3], 
 			sid->time, sid->u.ssl3.cipherSuite));
 	    PRINT_BUF(8, (0, "sessionID:", sid->u.ssl3.sessionID,
 			  sid->u.ssl3.sessionIDLength));
+
+	    offset = Offset(&sid->addr, sid->u.ssl3.sessionID,
+			    sid->u.ssl3.sessionIDLength);
+	    
 	}
 
 	ConvertFromSID(&sce, sid);
+	if (version >= SSL_LIBRARY_VERSION_3_0) {
+	    if (sid->peerCert == NULL) {
+		sce.u.ssl3.certIndex = -1;
+	    } else {
+		sce.u.ssl3.certIndex = (int16)
+		    ((offset / sizeof(SIDCacheEntry)) % numCertCacheEntries);
+	    }
+	}
+	
+	GET_SERVER_CACHE_WRITE_LOCK(SIDCacheFD, offset, sizeof sce);
+#ifdef XP_UNIX
+	off = lseek(SIDCacheFD, offset, SEEK_SET);
+	if (off != offset) {
+	    if (off == -1) 
+		nss_MD_unix_map_lseek_error(errno);
+	    else
+	    	PORT_SetError(PR_IO_ERROR);
+	} else {
+	    rv = write(SIDCacheFD, &sce, sizeof sce);
+	    if (rv != sizeof(sce)) {
+		if (rv == -1) 
+		    nss_MD_unix_map_write_error(errno);
+		else 
+		    PORT_SetError(PR_IO_ERROR);
+		IOError(rv, "update-write");
+	    }
+	}
+#else /* WIN32 */
+	CopyMemory(&SIDCacheData[offset], &sce, sizeof sce);
+#endif /* XP_UNIX */
+	RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof sce);
 
 	if ((version >= SSL_LIBRARY_VERSION_3_0) && 
 	    (sid->peerCert != NULL)) {
-	    now = CacheCert(cache, sid->peerCert, &sce);
+	    CacheCert(sid->peerCert, &sce);
 	}
 
-	set = SIDindex(cache, &sce.addr, sce.sessionID, sce.sessionIDLength);
-	now = LockSet(cache, set, now);
-	if (now) {
-	    PRUint32  next = cache->sidCacheSets[set].next;
-	    PRUint32  ndx  = set * SID_CACHE_ENTRIES_PER_SET + next;
-
-	    /* Write out new cache entry */
-	    cache->sidCacheData[ndx] = sce;
-
-	    cache->sidCacheSets[set].next = 
-	    				(next + 1) % SID_CACHE_ENTRIES_PER_SET;
-
-	    UnlockSet(cache, set);
-	    sid->cached = in_server_cache;
-	}
+	sid->cached = in_server_cache;
+	unlock_cache();
     }
 }
 
-/*
-** Although this is static, it is called from ssl via global function pointer
-**	ssl_sid_uncache.  This invalidates the referenced cache entry.
-*/
 static void 
 ServerSessionIDUncache(sslSessionID *sid)
 {
-    cacheDesc *    cache   = &globalCache;
-    PRUint8 *      sessionID;
-    unsigned int   sessionIDLength;
-    PRErrorCode    err;
-    PRUint32       set;
-    PRUint32       now;
-    sidCacheEntry *psce;
+    SIDCacheEntry sce;
+    PRErrorCode   err;
+    int rv;
 
-    if (sid == NULL) 
-    	return;
+    if (sid == NULL) return;
     
     /* Uncaching a SID should never change the error code. 
     ** So save it here and restore it before exiting.
     */
     err = PR_GetError();
-
+    lock_cache();
     if (sid->version < SSL_LIBRARY_VERSION_3_0) {
-	sessionID       = sid->u.ssl2.sessionID;
-	sessionIDLength = SSL2_SESSIONID_BYTES;
 	SSL_TRC(8, ("%d: SSL: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x "
-		    "cipher=%d", myPid, sid->cached,
+		    "cipher=%d", myPid, sid->cached, 
 		    sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
-		    sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
+		    sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3], 
 		    sid->time, sid->u.ssl2.cipherType));
-	PRINT_BUF(8, (0, "sessionID:", sessionID, sessionIDLength));
+	PRINT_BUF(8, (0, "sessionID:", sid->u.ssl2.sessionID,
+		      sizeof(sid->u.ssl2.sessionID)));
 	PRINT_BUF(8, (0, "masterKey:", sid->u.ssl2.masterKey.data,
 		      sid->u.ssl2.masterKey.len));
 	PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data,
 		      sid->u.ssl2.cipherArg.len));
+	rv = FindSID(&sid->addr, sid->u.ssl2.sessionID,
+		     sizeof(sid->u.ssl2.sessionID), &sce);
     } else {
-	sessionID       = sid->u.ssl3.sessionID;
-	sessionIDLength = sid->u.ssl3.sessionIDLength;
 	SSL_TRC(8, ("%d: SSL3: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x "
-		    "cipherSuite=%d", myPid, sid->cached,
+		    "cipherSuite=%d", myPid, sid->cached, 
 		    sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
-		    sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
+		    sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3], 
 		    sid->time, sid->u.ssl3.cipherSuite));
-	PRINT_BUF(8, (0, "sessionID:", sessionID, sessionIDLength));
+	PRINT_BUF(8, (0, "sessionID:", sid->u.ssl3.sessionID,
+		      sid->u.ssl3.sessionIDLength));
+	rv = FindSID(&sid->addr, sid->u.ssl3.sessionID,
+		     sid->u.ssl3.sessionIDLength, &sce);
     }
-    set = SIDindex(cache, &sid->addr, sessionID, sessionIDLength);
-    now = LockSet(cache, set, 0);
-    if (now) {
-	psce = FindSID(cache, set, now, &sid->addr, sessionID, sessionIDLength);
-	if (psce) {
-	    psce->valid = 0;
-	}
-	UnlockSet(cache, set);
+    
+    if (rv) {
+	Invalidate(&sce);
     }
     sid->cached = invalid_cache;
+    unlock_cache();
     PORT_SetError(err);
 }
 
 static SECStatus
-InitCache(cacheDesc *cache, int maxCacheEntries, PRUint32 ssl2_timeout, 
-          PRUint32 ssl3_timeout, const char *directory)
+InitSessionIDCache(int maxCacheEntries, PRUint32 timeout,
+		   PRUint32 ssl3_timeout, const char *directory)
 {
-    ptrdiff_t     ptr;
-    sidCacheLock *pLock;
-    char *        sharedMem;
-    PRFileMap *   cacheMemMap;
-    char *        cfn = NULL;	/* cache file name */
-    int           locks_initialized = 0;
-    int           locks_to_initialize = 0;
-    PRUint32      init_time;
-
-    if (cache->sharedMem) {
+    char *cfn;
+#ifdef XP_UNIX
+    int rv;
+    if (SIDCacheFD >= 0) {
 	/* Already done */
 	return SECSuccess;
     }
-
-    cache->numSIDCacheEntries = maxCacheEntries ? maxCacheEntries 
-                                                : DEF_SID_CACHE_ENTRIES;
-    cache->numSIDCacheSets    = 
-    	SID_HOWMANY(cache->numSIDCacheEntries, SID_CACHE_ENTRIES_PER_SET);
+#else /* WIN32 */
+	if(SIDCacheFDMAP != INVALID_HANDLE_VALUE) {
+	/* Already done */
+	return SECSuccess;
+	}
+#endif /* XP_UNIX */
 
-    cache->numSIDCacheEntries = 
-    	cache->numSIDCacheSets * SID_CACHE_ENTRIES_PER_SET;
-
-    cache->numSIDCacheLocks   = 
-    	PR_MIN(cache->numSIDCacheSets, ssl_max_sid_cache_locks);
-
-    cache->numSIDCacheSetsPerLock = 
-    	SID_HOWMANY(cache->numSIDCacheSets, cache->numSIDCacheLocks);
 
-    /* compute size of shared memory, and offsets of all pointers */
-    ptr = 0;
-    cache->sharedMem     = (char *)ptr;
-    ptr += SID_ROUNDUP(sizeof(cacheDesc), SID_ALIGNMENT);
+    if (maxCacheEntries) {
+	numSIDCacheEntries = maxCacheEntries;
+    }
+    sidCacheWrapOffset = numSIDCacheEntries * sizeof(SIDCacheEntry);
+    sidCacheFileSize = sidCacheWrapOffset +
+         (kt_kea_size * SSL_NUM_WRAP_MECHS * sizeof(SSLWrappedSymWrappingKey));
 
-    cache->sidCacheLocks = (sidCacheLock *)ptr;
-    cache->keyCacheLock  = cache->sidCacheLocks + cache->numSIDCacheLocks;
-    cache->certCacheLock = cache->keyCacheLock  + 1;
-    ptr = (ptrdiff_t)(cache->certCacheLock + 1);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
-    cache->sidCacheSets  = (sidCacheSet *)ptr;
-    ptr = (ptrdiff_t)(cache->sidCacheSets + cache->numSIDCacheSets);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
-    cache->sidCacheData  = (sidCacheEntry *)ptr;
-    ptr = (ptrdiff_t)(cache->sidCacheData + cache->numSIDCacheEntries);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
+    /* Create file names */
+    cfn = (char*) PORT_Alloc(PORT_Strlen(directory) + 100);
+    if (!cfn) {
+	return SECFailure;
+    }
+#ifdef XP_UNIX
+    sprintf(cfn, "%s/.sslsidc.%d", directory, getpid());
+#else /* XP_WIN32 */
+	sprintf(cfn, "%s\\ssl.sidc.%d.%d", directory,
+			GetCurrentProcessId(), GetCurrentThreadId());
+#endif /* XP_WIN32 */
 
-    cache->certCacheData = (certCacheEntry *)ptr;
-    cache->sidCacheSize  = 
-    	(char *)cache->certCacheData - (char *)cache->sidCacheData;
-
-    /* This is really a poor way to computer this! */
-    cache->numCertCacheEntries = cache->sidCacheSize / sizeof(certCacheEntry);
-    if (cache->numCertCacheEntries < MIN_CERT_CACHE_ENTRIES)
-    	cache->numCertCacheEntries = MIN_CERT_CACHE_ENTRIES;
-    ptr = (ptrdiff_t)(cache->certCacheData + cache->numCertCacheEntries);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
-    cache->keyCacheData  = (SSLWrappedSymWrappingKey *)ptr;
-    cache->certCacheSize = 
-    	(char *)cache->keyCacheData - (char *)cache->certCacheData;
+    /* Create session-id cache file */
+#ifdef XP_UNIX
+    do {
+	(void) unlink(cfn);
+	SIDCacheFD = open(cfn, O_EXCL|O_CREAT|O_RDWR, 0600);
+    } while (SIDCacheFD < 0 && errno == EEXIST);
+    if (SIDCacheFD < 0) {
+	nss_MD_unix_map_open_error(errno);
+	IOError(SIDCacheFD, "create");
+	goto loser;
+    }
+    rv = unlink(cfn);
+    if (rv < 0) {
+	nss_MD_unix_map_unlink_error(errno);
+	IOError(rv, "unlink");
+	goto loser;
+    }
+#else  /* WIN32 */
+    SIDCacheFDMAP = 
+    	CreateFileMapping(INVALID_HANDLE_VALUE, /* allocate in swap file */
+			  &sidCacheFDMapAttributes, /* inheritable. */
+			  PAGE_READWRITE,
+			  0,                    /* size, high word. */
+			  sidCacheFileSize,     /* size, low  word. */
+			  NULL);		/* no map name in FS */
+    if(! SIDCacheFDMAP) {
+	nss_MD_win32_map_default_error(GetLastError());
+	goto loser;
+    }
+    SIDCacheData = (char *)MapViewOfFile(SIDCacheFDMAP, 
+                                         FILE_MAP_ALL_ACCESS, 	/* R/W    */
+					 0, 0, 			/* offset */
+				         sidCacheFileSize);	/* size   */
+    if (! SIDCacheData) {
+	nss_MD_win32_map_default_error(GetLastError());
+	goto loser;
+    }
+#endif /* XP_UNIX */
 
-    cache->numKeyCacheEntries = kt_kea_size * SSL_NUM_WRAP_MECHS;
-    ptr = (ptrdiff_t)(cache->keyCacheData + cache->numKeyCacheEntries);
-    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
-    cache->sharedMemSize = ptr;
-
-    cache->keyCacheSize  = (char *)ptr - (char *)cache->keyCacheData;
+    if (!cacheLock)
+	nss_InitLock(&cacheLock, nssILockCache);
+    if (!cacheLock) {
+	SET_ERROR_CODE
+	goto loser;
+    }
+#ifdef _WIN32
+    if (isMultiProcess  && (SECSuccess != createServerCacheSemaphore())) {
+	SET_ERROR_CODE
+	goto loser;
+    }
+#endif
 
-    if (ssl2_timeout) {   
-	if (ssl2_timeout > MAX_SSL2_TIMEOUT) {
-	    ssl2_timeout = MAX_SSL2_TIMEOUT;
+    if (timeout) {   
+	if (timeout > 100) {
+	    timeout = 100;
 	}
-	if (ssl2_timeout < MIN_SSL2_TIMEOUT) {
-	    ssl2_timeout = MIN_SSL2_TIMEOUT;
+	if (timeout < 5) {
+	    timeout = 5;
 	}
-	cache->ssl2Timeout = ssl2_timeout;
-    } else {
-	cache->ssl2Timeout = DEF_SSL2_TIMEOUT;
+	ssl_sid_timeout = timeout;
     }
 
     if (ssl3_timeout) {   
-	if (ssl3_timeout > MAX_SSL3_TIMEOUT) {
-	    ssl3_timeout = MAX_SSL3_TIMEOUT;
-	}
-	if (ssl3_timeout < MIN_SSL3_TIMEOUT) {
-	    ssl3_timeout = MIN_SSL3_TIMEOUT;
+	if (ssl3_timeout > 86400L) {
+	    ssl3_timeout = 86400L;
 	}
-	cache->ssl3Timeout = ssl3_timeout;
-    } else {
-	cache->ssl3Timeout = DEF_SSL3_TIMEOUT;
-    }
-
-    /* Create file names */
-#ifdef XP_UNIX
-    /* there's some confusion here about whether PR_OpenAnonFileMap wants
-    ** a directory name or a file name for its first argument.
-    cfn = PR_smprintf("%s/.sslsvrcache.%d", directory, myPid);
-    */
-    cfn = PR_smprintf("%s", directory);
-#else /* XP_WIN32 */
-    cfn = PR_smprintf("%s/svrcache_%d_%x.ssl", directory, myPid, 
-    			GetCurrentThreadId());
-#endif /* XP_WIN32 */
-    if (!cfn) {
-	goto loser;
-    }
-
-    /* Create cache */
-    cacheMemMap = PR_OpenAnonFileMap(cfn, cache->sharedMemSize, 
-                                            PR_PROT_READWRITE);
-    PR_smprintf_free(cfn);
-    if(! cacheMemMap) {
-	goto loser;
-    }
-    sharedMem = PR_MemMap(cacheMemMap, 0, cache->sharedMemSize);
-    if (! sharedMem) {
-	goto loser;
+	if (ssl3_timeout < 5) {
+	    ssl3_timeout = 5;
+	}
+	ssl3_sid_timeout = ssl3_timeout;
     }
 
-    /* Initialize shared memory. This may not be necessary on all platforms */
-    memset(sharedMem, 0, cache->sharedMemSize);
-
-    /* Copy cache descriptor header into shared memory */
-    memcpy(sharedMem, cache, sizeof *cache);
-
-    /* save private copies of these values */
-    cache->cacheMemMap = cacheMemMap;
-    cache->sharedMem   = sharedMem;
-    cache->sharedCache = (cacheDesc *)sharedMem;
-
-    /* Fix pointers in our private copy of cache descriptor to point to 
-    ** spaces in shared memory 
-    */
-    ptr = (ptrdiff_t)cache->sharedMem;
-    *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr;
-    *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr;
-    *(ptrdiff_t *)(&cache->certCacheLock) += ptr;
-    *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr;
-    *(ptrdiff_t *)(&cache->sidCacheData ) += ptr;
-    *(ptrdiff_t *)(&cache->certCacheData) += ptr;
-    *(ptrdiff_t *)(&cache->keyCacheData ) += ptr;
-
-    /* initialize the locks */
-    init_time = ssl_Time();
-    pLock = cache->sidCacheLocks;
-    for (locks_to_initialize = cache->numSIDCacheLocks + 2;
-         locks_initialized < locks_to_initialize; 
-	 ++locks_initialized, ++pLock ) {
-
-	SECStatus err = sslMutex_Init(&pLock->mutex, isMultiProcess);
-	if (err)
-	    goto loser;
-        pLock->timeStamp = init_time;
-	pLock->pid       = 0;
+    GET_SERVER_CACHE_WRITE_LOCK(SIDCacheFD, 0, sidCacheFileSize);
+#ifdef XP_UNIX
+    /* Initialize the files */
+    if (ZeroFile(SIDCacheFD, sidCacheFileSize)) {
+	/* Bummer */
+	close(SIDCacheFD);
+	SIDCacheFD = -1;
+	goto loser;
     }
-
+#else /* XP_WIN32 */
+    ZeroMemory(SIDCacheData, sidCacheFileSize);
+#endif /* XP_UNIX */
+    RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, 0, sidCacheFileSize);
+    PORT_Free(cfn);
     return SECSuccess;
 
-loser:
-    if (cache->cacheMemMap) {
-	if (cache->sharedMem) {
-	    if (locks_initialized > 0) {
-		pLock = cache->sidCacheLocks;
-		for (; locks_initialized > 0; --locks_initialized, ++pLock ) {
-		    sslMutex_Destroy(&pLock->mutex);
-		}
-	    }
-	    PR_MemUnmap(cache->sharedMem, cache->sharedMemSize);
-	    cache->sharedMem = NULL;
-	}
-    	PR_CloseFileMap(cache->cacheMemMap);
-	cache->cacheMemMap = NULL;
+  loser:
+#ifdef _WIN32
+    if (svrCacheSem)
+	destroyServerCacheSemaphore();
+#endif
+    if (cacheLock) {
+	PZ_DestroyLock(cacheLock);
+	cacheLock = NULL;
     }
+    PORT_Free(cfn);
     return SECFailure;
 }
 
-PRUint32
-SSL_GetMaxServerCacheLocks(void)
+static SECStatus 
+InitCertCache(const char *directory)
 {
-    return ssl_max_sid_cache_locks + 2;
-    /* The extra two are the cert cache lock and the key cache lock. */
+    char *cfn;
+#ifdef XP_UNIX
+    int rv;
+    if (certCacheFD >= 0) {
+	/* Already done */
+	return SECSuccess;
+    }
+#else /* WIN32 */
+    if(certCacheFDMAP != INVALID_HANDLE_VALUE) {
+	/* Already done */
+	return SECSuccess;
+    }
+#endif /* XP_UNIX */
+
+    numCertCacheEntries = sidCacheFileSize / sizeof(CertCacheEntry);
+    if (numCertCacheEntries < MIN_CERT_CACHE_ENTRIES)
+    	numCertCacheEntries = MIN_CERT_CACHE_ENTRIES;
+    certCacheFileSize = numCertCacheEntries * sizeof(CertCacheEntry);
+
+    /* Create file names */
+    cfn = (char*) PORT_Alloc(PORT_Strlen(directory) + 100);
+    if (!cfn) {
+	return SECFailure;
+    }
+#ifdef XP_UNIX
+    sprintf(cfn, "%s/.sslcertc.%d", directory, getpid());
+#else /* XP_WIN32 */
+    sprintf(cfn, "%s\\ssl.certc.%d.%d", directory,
+	    GetCurrentProcessId(), GetCurrentThreadId());
+#endif /* XP_WIN32 */
+
+    /* Create certificate cache file */
+#ifdef XP_UNIX
+    do {
+	(void) unlink(cfn);
+	certCacheFD = open(cfn, O_EXCL|O_CREAT|O_RDWR, 0600);
+    } while (certCacheFD < 0 && errno == EEXIST);
+    if (certCacheFD < 0) {
+	nss_MD_unix_map_open_error(errno);
+	IOError(certCacheFD, "create");
+	goto loser;
+    }
+    rv = unlink(cfn);
+    if (rv < 0) {
+	nss_MD_unix_map_unlink_error(errno);
+	IOError(rv, "unlink");
+	goto loser;
+    }
+#else  /* WIN32 */
+    certCacheFDMAP = 
+    	CreateFileMapping(INVALID_HANDLE_VALUE, /* allocate in swap file */
+			  &certCacheFDMapAttributes, /* inheritable. */
+			  PAGE_READWRITE,
+			  0,                /* size, high word. */
+			  certCacheFileSize, /* size, low word. */
+			  NULL);           /* no map name in FS */
+    if (! certCacheFDMAP) {
+	nss_MD_win32_map_default_error(GetLastError());
+	goto loser;
+    }
+    certCacheData = (char *) MapViewOfFile(certCacheFDMAP, 
+                                           FILE_MAP_ALL_ACCESS, /* R/W    */
+					   0, 0, 		/* offset */